Do we have anyway to confirm the current binary on the website is indeed what was produced by the package builder?
On 2/17/2016 4:00 PM, Nick Østergaard wrote: > Yeah, I was under the understanding that over time the cert would gain > reputation, but it seems that this is not happening. But it seems that > microsoft have a new tool one can use to submit the signature to them to > eventually accept it. > > Maybe there is a feature in that smartscreen thing for users to say ok > to microsoft for this signature. > > Den 17/02/2016 21.55 skrev "Wayne Stambaugh" <[email protected] > <mailto:[email protected]>>: > > This [see attached] display is rather alarming and I can understand > users being wary. I believe it's something that changed in the last > windows update. Before I only saw the unknown source warning dialog. > It would be nice if we could provide some measure of confidence that the > installer binary is really what we say it is for windows users. > > On 2/17/2016 3:41 PM, Nick Østergaard wrote: > > The installer is signed by Mark Roszko, I did consider adding the > > fingerprint on the download page, but I never got around to that. > > > > But I am sure it is fine, it is just the windows smartscreen > filter thing. > > "windows smartscreen", that's an oxymoron if I ever heard one. :) > > > > > It does not really say that it is malware, it just says that it comes > > from an unknown source. Nothing to worry about as such. > > > > Den 17/02/2016 20.12 skrev "Wayne Stambaugh" <[email protected] > <mailto:[email protected]> > > <mailto:[email protected] <mailto:[email protected]>>>: > > > > On 2/17/2016 2:09 PM, Simon Richter wrote: > > > Hi, > > > > > > On 17.02.2016 19:55, Wayne Stambaugh wrote: > > > > > >> Is there any way > > >> to confirm that the installer on the website hasn't been > compromised? > > > > > > That is a known problem with the heuristic detection: it > triggers > > often > > > on JIT compilers, so it is possible that we are getting false > > alarms here. > > > > I figured it was a false alarm but I want to give users some > reassurance > > that's all that it is. > > > > > > > >> Perhaps an md5sum of the original installer binary. Can > someone > > who has > > >> access to the packager builder please look into this for me. > > > > > > I'm extending the build script so the SHA sums of the > generated files > > > are recorded in the build log, then we can check them easily. > > > > Please let me know when the SHA sums have been generated and > where I can > > download them to compare against the binary I downloaded from the > > website. > > > > > > > > Simon > > > > > > > > > > > > _______________________________________________ > > > Mailing list: https://launchpad.net/~kicad-developers > > > Post to : [email protected] > <mailto:[email protected]> > > <mailto:[email protected] > <mailto:[email protected]>> > > > Unsubscribe : https://launchpad.net/~kicad-developers > > > More help : https://help.launchpad.net/ListHelp > > > > > > > _______________________________________________ > > Mailing list: https://launchpad.net/~kicad-developers > > Post to : [email protected] > <mailto:[email protected]> > > <mailto:[email protected] > <mailto:[email protected]>> > > Unsubscribe : https://launchpad.net/~kicad-developers > > More help : https://help.launchpad.net/ListHelp > > > _______________________________________________ Mailing list: https://launchpad.net/~kicad-developers Post to : [email protected] Unsubscribe : https://launchpad.net/~kicad-developers More help : https://help.launchpad.net/ListHelp
