eht16 left a comment (geany/geany#4238) > Thanks @eht16 I still believe it would be useful to have #4223 and > [geany/geany-plugins#1408](https://github.com/geany/geany-plugins/pull/1408) > merged so that scripts that generate the installers 'manually' exist > versioned with the code and can be referenced from the wiki.
Yeah. #4223: I will add a comment describing the code signing part as suggested by Colomban geany/geany-plugins#1408: would you mind incoporating Colomban's remarks, I guess we can merge it then. > Note that recently there has been a discussion you may be interested in about > the need to sign windows binaries generated with msys2 ( > [giuspen/cherrytree#2651](https://github.com/giuspen/cherrytree/issues/2651) > ) - I remember you told me that you were considering to no longer signing > Geany, but that may cause headaches. Interesting. In general, I'm not against code signing at all. My previous comment to skip it for the future was meant as "we probably don't need to do this as most users won't care anyway". It seems Microsoft will force users to care. I'm curious about your experiences with signpath.io. Maybe this could work for Geany as well. But then the problem with the MSYS2 libraries still remains. Let's follow the issue https://github.com/msys2/msys2.github.io/issues/380 and see how it goes. Alternatively, we could also consider buying a paid certificate (e.g. from the options in https://github.com/giuspen/cherrytree/issues/2651#issuecomment-2848084507). The costs might be paid from the donation money. Technically it would be easy to also sign the MSYS2 binaries then but signing foreign binaries where we have no control over seems wrong. -- Reply to this email directly or view it on GitHub: https://github.com/geany/geany/pull/4238#issuecomment-2870222573 You are receiving this because you are subscribed to this thread. Message ID: <geany/geany/pull/4238/c2870222...@github.com>
