OneMore icon indicating copy to clipboard operation
OneMore copied to clipboard
verified publisher icon stevencohn

Code Signing for OneMore

Open aryasenna opened this issue 7 months ago • 1 comments

Problem to Solve

OneMark .exe, .dll, and .msi are not digitally signed. Microsoft SmartScreen and Microsoft Edge flagged OneMore as untrusted application.

New Feature/Solution

Use free-of-charge code signature certificate for Open Source project. There are several options:

  • https://signpath.org/
  • https://ossign.org/

Not free, but I think relatively affordable and more flexible : https://shop.certum.eu/open-source-code-signing.html https://shop.certum.eu/open-source-code-signing-on-simplysign.html

Alternative Solutions

none

Additional Context

  • No code integrity/authentication: Some random people can issue binary and installer pretending to be OneMore.
  • Lack of digital signing lowers user trust and adoption:
    • For end-user: OneMore marked as untrusted by Microsoft SmartScreen
    • For organization: the people that evaluates software whitelist will happily reject OneMore due to lack of digital signature

aryasenna avatar Jun 08 '25 10:06 aryasenna