From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 31509 invoked by alias); 3 Apr 2015 03:17:24 -0000 Mailing-List: contact cygwin-help@cygwin.com; run by ezmlm Precedence: bulk List-Id: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner@cygwin.com Mail-Followup-To: cygwin@cygwin.com Received: (qmail 31479 invoked by uid 89); 3 Apr 2015 03:17:22 -0000 Authentication-Results: sourceware.org; auth=none X-Virus-Found: No X-Spam-SWARE-Status: No, score=1.8 required=5.0 tests=AWL,BAYES_05,KAM_BODY_URIBL_PCCC,KAM_EXEURI,SPF_PASS,UNPARSEABLE_RELAY autolearn=no version=3.3.2 X-HELO: aibo.runbox.com Received: from aibo.runbox.com (HELO aibo.runbox.com) (91.220.196.211) by sourceware.org (qpsmtpd/0.93/v0.84-503-g423c35a) with (AES256-SHA encrypted) ESMTPS; Fri, 03 Apr 2015 03:17:20 +0000 Received: from [10.9.9.241] (helo=rmm6prod02.runbox.com) by bars.runbox.com with esmtp (Exim 4.71) (envelope-from ) id 1Yds6f-0007TT-45 for cygwin@cygwin.com; Fri, 03 Apr 2015 05:17:17 +0200 Received: from mail by rmm6prod02.runbox.com with local (Exim 4.76) (envelope-from ) id 1Yds6f-0008Lh-Ge for cygwin@cygwin.com; Fri, 03 Apr 2015 05:17:17 +0200 Content-Type: text/plain; charset="utf-8" Content-Disposition: inline Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Received: from [Authenticated user (258406)] by secure.runbox.com with http (RMM6); for ; Fri, 03 Apr 2015 03:17:17 GMT From: "David A. Wheeler" Reply-To: dwheeler@dwheeler.com To: "cygwin" Subject: Re: Should cygwin's setup*.exe be signed using Sign Tool? Date: Fri, 03 Apr 2015 03:17:00 -0000 In-Reply-To: <721062557.20150403012215@yandex.ru> Message-Id: X-IsSubscribed: yes X-SW-Source: 2015-04/txt/msg00059.txt.bz2 David A. Wheeler inquired: > > Has Cygwin considered signing the installer using Sign Tool? More info: On Fri, 3 Apr 2015 01:22:15 +0300, Andrey Repin wrote: > Did Microsoft made it available separately? Or is there a description of = the > structure of such a signature and/or a free tool that can be used to gene= rate it? Microsoft makes signtool available as part of its SDK at no charge (gratis,= not libre): https://msdn.microsoft.com/en-us/library/windows/desktop/aa387764%28v=3Dv= s.85%29.aspx This page points to some alternatives: http://stackoverflow.com/questions/18211594/windows-code-signing-process-= alternative-to-ms-signtool-exe They note that Mono includes "signcode", and it's libre (as well gratis). = Instructions here: https://developer.mozilla.org/en-US/docs/Signing_an_executable_with_Authe= nticode > Last I checked, you have to install a metric ton of garbage to get signto= ol as > a bonus. It seems to be a short ton. The default installs a lot, but you can desele= ct much. It's not tiny due to dependencies, but it's not *everything*. Also, you *only* have to install it on the system that does the signing; no other system needs it. It's good to have a separate signing system anyw= ay. > People who don't check signature manually, won't check the credibility of > the embedded signature either. > And it only takes about thirty seconds to fake the lines that are visible= in > prompt dialogue. Clearly this is limited. But these signatures are automatically checked by= Windows, and the publisher is displayed for review before acceptance, which raises the b= ar a little. The number of people who check the signatures on setup*.exe is probably pre= tty small; I'm hoping to raise the safety bar for everyone else. There's also an appearance factor: running an unsigned app looks scarier (there's a warning "The publisher could not be verified...", possibly follo= wed by a User Account warning again noting the 'unknown' publisher). Having a signature may make users and their admins more confident that it's okay to use Cygwin. --- David A. Wheeler -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple