distlib
Provide Authenticode signed copies of the `.exe` files in `PC`
Is your feature request related to a problem? Please describe.
The stub .exe files in the PC folder are currently unsigned. Some Windows environments are locked down, preventing unsigned files, and with distlib being vendored in pip this additionally prevents pip from being fully usable on those environments.
Describe the solution you'd like
The .exe files included as part of this package and repository will be Authenticode code-signed with a certificate that Windows trusts by default.
Additional context
Microsoft Learn doc on AppLocker publisher rule
Would that even help? The exes get prepended to a Python zip file as part of building the actual wrapper. The combined exe plus Python code combination would then have an invalid signature, because the content has changed. And it's unlikely to be practical to re-sign the generated file as the generation will happen on an end user's machine which may well not have signing tools available.
My understanding is these .exes are also used as part of creating a stub when using entry_points rather than combining with the .zip. Certainly, in cases where the actual .exe contents change, the signature will become invalid.
In all normal cases where a launcher .exe is used, it is prepended to some payload, rendering any signature invalid.
Closing, as the .exe files are never used in normal modes without appending something - so any signatures would be invalidated.
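The layout discussed in this thread, as an added example that is not part of the issue and not distlib's own code: it locates the Certificate Table (where an Authenticode signature is stored) in a PE file and reports how many bytes follow it and whether a zip payload is attached. It inspects layout only and does not verify any signature. All function names are hypothetical, and the "signed stub" is a constructed header-only PE with placeholder signature bytes.

```python
import io
import struct
import zipfile

SECURITY_DIR = 4  # Certificate Table index in the PE data directories


def cert_table(data):
    """Return (file_offset, size) of the PE Certificate Table, or (0, 0)."""
    if data[:2] != b"MZ":
        raise ValueError("not a PE file")
    pe = struct.unpack_from("<I", data, 0x3C)[0]
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    opt = pe + 24  # optional header follows the signature + 20-byte COFF header
    magic = struct.unpack_from("<H", data, opt)[0]
    dirs = opt + {0x10B: 96, 0x20B: 112}[magic]  # PE32 / PE32+
    if struct.unpack_from("<I", data, dirs - 4)[0] <= SECURITY_DIR:
        return 0, 0
    return struct.unpack_from("<II", data, dirs + 8 * SECURITY_DIR)


def inspect_launcher(data):
    """Report what follows the signature block and whether a zip is attached."""
    off, size = cert_table(data)
    return {
        "signed": size > 0,
        "bytes_after_signature": len(data) - (off + size) if size else None,
        "zip_payload": zipfile.is_zipfile(io.BytesIO(data)),
    }


def fake_signed_stub(sig_len=64):
    """Constructed sample: header-only PE32+ plus a placeholder signature blob."""
    opt = 0x40 + 24
    head = bytearray(opt + 112 + 16 * 8)
    head[:2], head[0x40:0x44] = b"MZ", b"PE\0\0"
    struct.pack_into("<I", head, 0x3C, 0x40)       # e_lfanew
    struct.pack_into("<H", head, opt, 0x20B)       # PE32+ magic
    struct.pack_into("<I", head, opt + 108, 16)    # NumberOfRvaAndSizes
    struct.pack_into("<II", head, opt + 112 + 8 * SECURITY_DIR, len(head), sig_len)
    return bytes(head) + b"\xAA" * sig_len


def append_payload(stub):
    """Mimic the wrapper build: stub followed by a zip holding __main__.py."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("__main__.py", "print('hello')\n")
    return stub + buf.getvalue()
```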