https://issues.dlang.org/show_bug.cgi?id=16065
Issue ID: 16065 Summary: Provide digitally signed binaries for Windows Product: D Version: D2 Hardware: All OS: Windows Status: NEW Severity: enhancement Priority: P1 Component: installer Assignee: nob...@puremagic.com Reporter: 1...@lwshost.com Hi all! Would it be possible to provide digitally signed binaries for the DMD Windows installers? Additionally, though this is likely outside the scope, perhaps [eventually] LDC and GDC installers could be hosted here as well [and signed]? Currently they are delivered over HTTP, and there is no way to be certain that the files truly originated from the downloads.dlang.org server or somewhere else. Even if HTTPS and HSTS were made available, this wouldn't protect users in a hypothetical scenario where the web server itself was compromised or where a Man-in-the-Middle attack had replaced the D website with another website that had a 'valid certificate' issued by another CA. I realize that this may be tricky to add into the build/release process, as protecting the signing key now becomes a critical issue, but I wanted to bring it up as I saw no previous or existing issues that covered this topic. Thank you for your consideration. --