New submission from Steve Dower: On Windows, we sign all binaries with the PSF code signing certificate.
We can also sign all the standard library and tools .py files using a catalog, which will put the hashes of the original files into a signed bundle. This can then be validated by users (e.g. using "signtool.exe verify") at any point after installation. Worth noting that the OS does not automatically verify signatures in a catalog file. It's only worthwhile doing this for files that may end up on a production machine - essentially, those files included in lib.msi and tools.msi (not test.msi, dev.msi or tcltk.msi). ---------- assignee: steve.dower components: Windows messages: 278400 nosy: paul.moore, steve.dower, tim.golden, zach.ware priority: normal severity: normal status: open title: Add signed catalog files for stdlib on Windows type: enhancement versions: Python 3.6, Python 3.7 _______________________________________ Python tracker <rep...@bugs.python.org> <http://bugs.python.org/issue28402> _______________________________________ _______________________________________________ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
