eht16 left a comment (geany/geany#4238) > I would be content for now to stick with signing only the installer, that is > what I have done with CherryTree and it is enough to prevent the Windows > message advising against proceeding with the installation. My Windows 11 then > is not giving any further warning about binaries or DLLs that were already > installed.
Ah ok. I guess I had some misunderstanding or was thinking too far already. Signing only the installer would be much easier, then we can keep the existing NSI setup for now, at least. (Regarding NSI vs InnoSetup: I'm totally fine with switching, as you want to maintain it and have more experience with InnoSetup in CherryTree, I think it's fine.) > The process is automated all in the GitHub workflow. SignPath has a GitHub > action that does the signing. Have a quick look at > https://github.com/giuspen/cherrytree/blob/master/.github/workflows/windows-msys2.yml > The approval of the signature however requires one or more project members > that receive an email with a notification, log into SignPath, approve, only > after that the workflow completes and both non signed and signed artifacts > are available I see. We could provide the signed *and* unsigned installers for download and explain the user what the signed variant means and that the user has to trust SignPath or use the unsigned variant. I could live with this variant. -- Reply to this email directly or view it on GitHub: https://github.com/geany/geany/pull/4238#issuecomment-2953934225 You are receiving this because you are subscribed to this thread. Message ID: <geany/geany/pull/4238/c2953934...@github.com>
