notes
notes copied to clipboard
Automatically signing our Windows installers
For the best experience for our Windows users, we should sign our installers through a legit certificate. The best way will be to do it automatically using AppVeyor.
Steps:
- Check if it's feasible to do so with AppVeyor.
- Buy certificate.
- Integrate it into AppVeyor.
I'm currently signing Tiled releases for Windows using SignPath. They contacted me directly about this possibility, but in general you can contact them to request signing of open source software according to their pricing page.
The way it currently works is that they pull the artifact(s) from AppVeyor, then you approve them for signing and shortly afterwards you can retrieve the signed versions from them. It's easy to set up and avoids paying for a certificate, but the users will see SignPath instead of you as the publisher.
Sounds like a good enough alternative, but 18$ per month? - 216$ per year? That's a whole lot. Did I read it right?
Sounds like a good enough alternative, but 18$ per month? - 216$ per year? That's a whole lot. Did I read it right?
Open source projects are invited to contact them, and will in general receive the service for free I think.