The fingerprint. @Mark, do you have it handy?
2016-02-17 22:25 GMT+01:00 Wayne Stambaugh <[email protected]>: > Do we have anyway to confirm the current binary on the website is indeed > what was produced by the package builder? > > On 2/17/2016 4:00 PM, Nick Østergaard wrote: >> Yeah, I was under the understanding that over time the cert would gain >> reputation, but it seems that this is not happening. But it seems that >> microsoft have a new tool one can use to submit the signature to them to >> eventually accept it. >> >> Maybe there is a feature in that smartscreen thing for users to say ok >> to microsoft for this signature. >> >> Den 17/02/2016 21.55 skrev "Wayne Stambaugh" <[email protected] >> <mailto:[email protected]>>: >> >> This [see attached] display is rather alarming and I can understand >> users being wary. I believe it's something that changed in the last >> windows update. Before I only saw the unknown source warning dialog. >> It would be nice if we could provide some measure of confidence that the >> installer binary is really what we say it is for windows users. >> >> On 2/17/2016 3:41 PM, Nick Østergaard wrote: >> > The installer is signed by Mark Roszko, I did consider adding the >> > fingerprint on the download page, but I never got around to that. >> > >> > But I am sure it is fine, it is just the windows smartscreen >> filter thing. >> >> "windows smartscreen", that's an oxymoron if I ever heard one. :) >> >> > >> > It does not really say that it is malware, it just says that it comes >> > from an unknown source. Nothing to worry about as such. >> > >> > Den 17/02/2016 20.12 skrev "Wayne Stambaugh" <[email protected] >> <mailto:[email protected]> >> > <mailto:[email protected] <mailto:[email protected]>>>: >> > >> > On 2/17/2016 2:09 PM, Simon Richter wrote: >> > > Hi, >> > > >> > > On 17.02.2016 19:55, Wayne Stambaugh wrote: >> > > >> > >> Is there any way >> > >> to confirm that the installer on the website hasn't been >> compromised? >> > > >> > > That is a known problem with the heuristic detection: it >> triggers >> > often >> > > on JIT compilers, so it is possible that we are getting false >> > alarms here. >> > >> > I figured it was a false alarm but I want to give users some >> reassurance >> > that's all that it is. >> > >> > > >> > >> Perhaps an md5sum of the original installer binary. Can >> someone >> > who has >> > >> access to the packager builder please look into this for me. >> > > >> > > I'm extending the build script so the SHA sums of the >> generated files >> > > are recorded in the build log, then we can check them easily. >> > >> > Please let me know when the SHA sums have been generated and >> where I can >> > download them to compare against the binary I downloaded from the >> > website. >> > >> > > >> > > Simon >> > > >> > > >> > > >> > > _______________________________________________ >> > > Mailing list: https://launchpad.net/~kicad-developers >> > > Post to : [email protected] >> <mailto:[email protected]> >> > <mailto:[email protected] >> <mailto:[email protected]>> >> > > Unsubscribe : https://launchpad.net/~kicad-developers >> > > More help : https://help.launchpad.net/ListHelp >> > > >> > >> > _______________________________________________ >> > Mailing list: https://launchpad.net/~kicad-developers >> > Post to : [email protected] >> <mailto:[email protected]> >> > <mailto:[email protected] >> <mailto:[email protected]>> >> > Unsubscribe : https://launchpad.net/~kicad-developers >> > More help : https://help.launchpad.net/ListHelp >> > >> _______________________________________________ Mailing list: https://launchpad.net/~kicad-developers Post to : [email protected] Unsubscribe : https://launchpad.net/~kicad-developers More help : https://help.launchpad.net/ListHelp
