Hi,
This would make a great enhancement, IMHO. If we trust the CA we trust
the module, and a "green" light should be shown somewhere.
I'd file an enhancement a JIRA for this.
Kind regards,
Antonio
On 24/03/18 12:49, stephen cumminger wrote:
You raised some good points. If I relate this back to MS Windows running an exe
file, the messages are different if the exe file was signed with a certificate
that has a trusted root. It does always present the Dialog asking the user if
they want to continue. If the exe is not signed as mentioned, the message
contains various warnings and the coloring of red in various places (as opposed
to green indicating MS was OK with the root certificate).
What would be ideal is if NetBeans could recognize that all nmb's were signed
with the same certificate and that the certificate was backed by a recognized
certificate authority, provide some summary information as Markus suggests and
perhaps include a green border or icon somehow. I withdraw my suggestion that
the Dialog should not appear at all. It is scary for my users though as they
would have been familiar with MS Windows popping up a very small dialog with
green in it from time to time, but never anything that looks like the NetBeans
Dialog.
I think the point should be that NetBeans should be able to state that it trusts that the
modules came from the provider indicated in the certificate, since it is backed with a
known CA authority. What we should be asking the user is "Do you trust this
supplier", in my situation. That would be a much easier question for my users to
answer.
Regards,
Stephen
-----Original Message-----
From: Markus Kilås <jmarkus+netbeans@kilås.se>
Sent: Saturday, March 24, 2018 8:05 AM
To: users@netbeans.apache.org
Subject: Re: Signing NBMs with a Trusted Certificate
On 03/22/2018 07:55 PM, stephen cumminger wrote:
I have a NetBeans RCP app based on version 8.2. I have a certificate
from a major trusted certificate provider (Comodo) that I use to sign
the NBMs that are posted to our Update Center. The question is "how do
I get rid of the following Dialog ?"
Hi Stephen, all,
I think this dialog box could be improved to make it easier for the user to
make a conscious decision on how to proceed. Getting rid of the dialog is
likely not wanted though.
I haven't yet looked into the details on exactly how this is handled in
NetBeans so please correct me if I am wrong but my understanding is like the
following:
The signature on your plugins has been verified with your code signing certificate and
that certificate has been verified to chain up to one of the trusted CAs in the system.
This is shown in the dialog as "Signed and Valid".
Somehow NetBeans identifies this as third-party plugins as opposite to let's say
"core plugins" coming from the NetBeans project and in this case the user has
to be consulted to make a decision about if this should be run or not.
Remember that anyone can get a code signing certificate and that it does not say that the
software from that publisher is safe to run or not. The certificate only says that it was
signed by the publisher say "Acme Software Inc.". So the user needs to decide
if it trusts that publisher to run code on its computer.
Unfortunately, the warning in this dialog is the same also for unsigned (and
self signed) plugins in which case the situation is much worse. In those cases
there are no guarantees that the plugins has not been tampered with or who
created them in the first place. For the user it is maybe not so easy to
distinguish between those cases.
For your case, what the user needs to do currently is to click on each of the plugins
under "Signed and Valid" and then click Show details to see who is the
publisher and then make a decision if it trusts that publisher or not.
It would have been more clear if the dialog somehow already provided the needed
information directly. Something like this:
"You are about to install a third-party plugin.
The signature has been verified correctly and comes from:
Acme Software Inc., US [Show Details]
Warning: only proceed if you trust that publisher to run code on your computer."
For the other cases (i.e. unsigned and self-signed) there should be a more
harsh message, more like the current one, so the user understands the risk if
it chooses to proceed and potentially compromise its computer.
Cheers,
Markus
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@netbeans.apache.org
For additional commands, e-mail: users-h...@netbeans.apache.org
For further information about the NetBeans mailing lists, visit:
https://cwiki.apache.org/confluence/display/NETBEANS/Mailing+lists
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@netbeans.apache.org
For additional commands, e-mail: users-h...@netbeans.apache.org
For further information about the NetBeans mailing lists, visit:
https://cwiki.apache.org/confluence/display/NETBEANS/Mailing+lists
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@netbeans.apache.org
For additional commands, e-mail: users-h...@netbeans.apache.org
For further information about the NetBeans mailing lists, visit:
https://cwiki.apache.org/confluence/display/NETBEANS/Mailing+lists