Not being able to leave your house, a laptop and internet connection... ideal
conditions to keep dinking around with stuff :)
> On Jan 13, 2024, at 10:53, Dirk wrote:
>
> In order to address some of these concerns, I built a new download page and
> some automation that keeps it updated. This happens with, at a minimum, a 1h
> time lag so that all binaries show up at the same time; this also gives us
> some margin of error if we merge something that fails that allows us to not
> post a release. And of course there's a mechanism to manually point at a
> different release.
So this should now be the https://subsurface-divelog.org/latest-release/ page -
clearly showing that this is the Latest CICD Release.
In addition, there is a https://subsurface-divelog.org/current-release/ Current
Release page. With the goal to iterate this more slowly - maybe once a week.
And, now that I had the time to figure out how this can work (see above), this
even links to a SIGNED macOS DMG.
> Finally, app signing.
> Given how painful macOS makes it to install unsigned apps, I think I'll need
> to figure out how to sign at least the "weekly" builds. I doubt that I can
> truly automate that, but maybe I can figure out a way to keep up with things.
Done
> As for Windows - that's a harder problem. The signing mechanisms for Windows
> are either prohibitively expensive (even with the generous donations from
> some of you - we are talking around $300-500 a year plus hardware cost (as I
> would need an actual real Windows machine for this -- apparently doing this
> in a VM no longer works) for what is essentially a blessed random number. The
> old system that was more affordable (~$100/year) has been killed by Microsoft
> when they started making additional requirements (including allowing signing
> certificates only when they are on hardware keys). And as I mentioned
> before, I'm seeing a lot more companies release unsigned apps for Windows
> again.
> If a better and more realistically priced solution pops up, I'll happily
> revisit this topic.
Also, some googling and following countless broken links later... it appears
there is a not quite as expensive option:
https://cheapsslsecurity.com/fastssl/code-signing-certificate.html
With the required hardware token, a three year certificate is about $500 with
shipping - so $170/yr. That is still a lot, but seems more doable.
Now all I would need is a Windows PC 🤣
So, question to the Windows users here... how often do you see unsigned apps?
How much of an issue is it to have the Subsurface installer not signed. As I
keep saying, I don't use Windows myself, so it's really hard to judge for me...
Thanks
/D
_______________________________________________
subsurface mailing list
subsurface@subsurface-divelog.org
http://lists.subsurface-divelog.org/cgi-bin/mailman/listinfo/subsurface
