Espruino JavaScript
the standalone IDE.exe should better signed with PGP keys or checksums [not urgent] #6739
Unanswered
espruino-discuss3
asked this question in
General
Replies: 1 comment
-
|
Posted at 2023-10-16 by @gfwilliams Sorry, that's not something I'm interested in doing - the standalone exe is really there as a fallback for pre-Windows 10 installs (which would be very rare now), and hasn't been updated in a while. If someone thinks there is a real concern I could just delete the download but I don't think that is really in anyone's best interests. |
Beta Was this translation helpful? Give feedback.
0 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Uh oh!
There was an error while loading. Please reload this page.
-
Posted at 2023-10-13 by ccchan
hi,
this is not an urgent issue,
however i myself seldom run unsigned .exe on windows anymore.
usually from trusted source like github or with a checksum like sha1.
It cost several hundred euro per year to buy the cert for that signature.
so FOSS programmers/users (who hate commercial things) usually accept sign using PGP key,
as in veracrypt:
https://www.veracrypt.fr/en/Downloads.html
Windows:
EXE Installer: VeraCrypt Setup 1.26.7.exe (PGP Signature)
MSI Installer (64-bit) for Windows 10 and later: VeraCrypt_Setup_x64_1.26.7.msi (PGP Signature)
Portable version: VeraCrypt Portable 1.26.7.exe (PGP Signature)
Debugging Symbols: VeraCrypt_1.26.7_Windows_Symbols.zip (PGP Signature)
or put onto github, with checksum e.g. sha1.
these will make the program look more professional, and give users more trust.
thanks
ps: myself dont need this standalone IDE, just a suggestion. thx
Beta Was this translation helpful? Give feedback.
All reactions