Pyfa
[Request] Please reduce the warnings when updating.
When updating Pyfa I get three security warnings about it being unsafe. It makes the app feel sketchy and unsafe.
Chrome warns about a .exe it has not seen, you can submit it for review or just wait a day and that warning should go away.
Windows warns about a .exe that is unsigned and is a large window warning users to back out.
Windows then warns about making changes to the computer with a UAC pop up.
I hope there are some ways to reduce these warnings if not an inbuilt updater would be a real nice feature.
The only solution is to sign the installer and executable with a trusted certificate. But it all costs $$ as far as I know, so I never bothered with it, as I do not want to invest money on top of effort into the project.
Corp-mate of mine linked this: https://about.signpath.io/product/pricing
They offer some "free" solution to open-source projects, so I might give it a try.
edit: I wrote them, but they have this on the pricing page:
Code Signing certificates need to be purchased separately.
So they might be just a code signing service - but signing code is not an issue for me, getting a trusted certificate is. So, it seems like no free options exist.
https://sectigostore.com/code-signing - to get rid of all warnings (including SmartScreen) it is 300 USD/year. So if there are people willing to pay for it, I can easily embed the certificate into pyfa. If not - well, no luck then.
Also, it is a much worse experience on Mac, since there you have to go to the security center to confirm that you want to install an update. A certificate would fix it too, I suppose.
edit: other options:
- https://www.websecurity.digicert.com/code-signing 700 USD/year
- https://shop.globalsign.com/en/code-signing 410 USD/year
And all EV certificates (only those remove smartscreen warnings) need a legal entity, which has to be validated by certificate issuer: https://en.wikipedia.org/wiki/Extended_Validation_Certificate
Yeah this has been a pain point for years, but there's not much we can do without investing a few hundred every year, which isn't something we're willing to do to save on what is essentially a mild inconvenience. If you download via GitHub and trust this project as people have always trusted it, there shouldn't be any issue.
I've looked into "auto updating" and while it's possible, it would require a bit of work IIRC. That's effort that can go to more important things IMO.
It may be possible that we can sign the package with a self-signed cert, and to avoid the warnings the user may be able to install that as a trusted cert. But I'm not sure if that's possible (I'm going off the fact that you can do that for HTTPS certs, but code-signing certs are different). @DarkFenX do you have any info on that? It's been a while since I looked into code signing so maybe you have more up to date info? 😊
Just looked at some old notes I had bookmarked (specifically https://www.electron.build/code-signing#windows)
EV cert would be best, but that's basically immediate access to get the smart screen to go away. We could technically go the route of a regular (and significantly cheaper) code signing cert. This would still cause warnings until the cert builds trust, and not sure how long exactly that would take. And no idea what it would do on mac.
But still, it would be a cost sink. Personally, with a salary reduction due to COVID, can't spare any funds to dedicate to the project, especially since we've gotten along fine without it all this time. This might be something we definitely look at later down the road for a new version of pyfa tho
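To see what the self-signed route discussed above actually does on Windows, here is an added PowerShell walkthrough (not pyfa project code): it creates a self-signed code-signing certificate, signs a placeholder file, checks the Authenticode status before and after the user trusts the certificate, and cleans up. The subject name and file paths are placeholders; it runs without network access and without elevation, but the import into the Trusted Root store pops a confirmation dialog.

```powershell
# Added example, not from the pyfa project. Shows what a self-signed
# Authenticode signature does (and does not) buy you on Windows.
$ErrorActionPreference = 'Stop'

# 1. Self-signed code-signing cert in the current user's personal store.
#    Subject name is a placeholder.
$cert = New-SelfSignedCertificate -Type CodeSigningCert `
    -Subject 'CN=Pyfa Demo Signing (placeholder)' `
    -CertStoreLocation 'Cert:\CurrentUser\My' `
    -NotAfter (Get-Date).AddYears(1)

# 2. A placeholder file standing in for the installer. Set-AuthenticodeSignature
#    handles .exe/.msi the same way; a script keeps the demo self-contained.
$target = Join-Path $env:TEMP 'pyfa-demo-installer.ps1'
'Write-Host "placeholder installer"' | Set-Content -Path $target

# 3. Sign it. (A real release would add -TimestampServer so the signature
#    stays valid after the cert expires; omitted here to stay offline.)
Set-AuthenticodeSignature -FilePath $target -Certificate $cert | Out-Null

# 4. Status before anyone trusts the cert: the chain ends in an untrusted
#    root, so this is what a downloading user would see.
$before = Get-AuthenticodeSignature -FilePath $target
"Before trust: {0} - {1}" -f $before.Status, $before.StatusMessage

# 5. What each user would have to do manually: import the public half into
#    Trusted Root (prompts for confirmation) and Trusted Publishers.
$cerPath = Join-Path $env:TEMP 'pyfa-demo-signing.cer'
Export-Certificate -Cert $cert -FilePath $cerPath | Out-Null
Import-Certificate -FilePath $cerPath -CertStoreLocation 'Cert:\CurrentUser\Root' | Out-Null
Import-Certificate -FilePath $cerPath -CertStoreLocation 'Cert:\CurrentUser\TrustedPublisher' | Out-Null

$after = Get-AuthenticodeSignature -FilePath $target
"After trust:  {0} - {1}" -f $after.Status, $after.StatusMessage

# Caveat: this only changes the Authenticode chain check (and lets UAC show a
# publisher name). SmartScreen reputation is tracked separately by Microsoft
# and is never granted to a locally trusted self-signed cert.

# 6. Cleanup so the demo does not leave a trusted root behind.
$tp = $cert.Thumbprint
foreach ($store in 'My', 'Root', 'TrustedPublisher') {
    Remove-Item -Path "Cert:\CurrentUser\$store\$tp" -ErrorAction SilentlyContinue
}
Remove-Item -Path $target, $cerPath -ErrorAction SilentlyContinue
```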
Totally understand that. This seems a lot cheaper: https://comodosslstore.com/uk/code-signing What about the UAC, if you follow MS guides to the T can you install without a UAC prompt? I tried googling it and just got hundreds of kids trying to bypass admin rights and no sensible articles about how to programme with UAC in mind.
Regarding OV certificates vs EV certificates - yeah, seems like OV could be enough, just need to build reputation for certificate first. EV just has instant smartscreen reputation. So spending like 70 usd / year is an option indeed (on a 3 year plan).
The only way to avoid UAC is to install into out-of-UAC locations, as far as I know, i.e. not into the Program Files folder, but into the user folder. It also would allow easy updates without elevation. But it goes against MS guidelines, and the installation is not shared across multiple users.
https://stackoverflow.com/a/67294127
According to this, it looks like there's an effort to provide code signing to open source projects. https://www.sigstore.dev/
I know close to nothing about it, and it seems to be very new. Just wanted to throw it in here in case we want to revisit at some point.