zed
zed copied to clipboard
zed-industries
Digitally sign DMG file too
Check for existing issues
- [X] Completed
Describe the feature
It looks like the files inside DMG files are digitally signed but the the main disk image file is not digitally signed at all. Is there any reason to do so? It would be appreciated if the main disk image file was digitally signed too, to ensure the files are intact and the publisher's information can be found out from the disk image too.
Why it's important?
Certain companies have policies which will only allow the use of digitally signed DMG/PEs only.
Lastly, thank you so much for creating such an awesome product and making it open source too.
If applicable, add mockups / screenshots to help present your vision of the feature
No response
Could be related to https://github.com/zed-industries/zed/issues/6205#issuecomment-1964299953 cc @mrnugget
Could be related to #6205 (comment) cc @mrnugget
Looks like it's not related. The app is digitally signed, I am talking about the DMG file which is not digitally signed at all.
That's done as of #9284; I've checked it locally but just in case anybody wanted to double-check, signed artifacts are available in e.g: https://github.com/zed-industries/zed/actions/runs/8297127089
That's done as of #9284; I've checked it locally but just in case anybody wanted to double-check, signed artifacts are available in e.g: https://github.com/zed-industries/zed/actions/runs/8297127089
@osiewicz Thank you so much 🙇. Besides the link you posted above, I just went to zed.dev to download it, looks like it's still not available as production build for all the users.
Ah yeah, we don't have an official stable/preview build yet; that'll be available this Wednesday most likely.
@osiewicz Thank you so much again. Zed's stable version now ships with ARM64 only build and it's digitally signed too 🙇