Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

BUILDS: Provide digital signing on installation kits [CORE5996] #6246

Open
firebird-automations opened this issue Jan 31, 2019 · 0 comments
Open

Comments

@firebird-automations
Copy link
Collaborator

Submitted by: @helebor

John Frankland in firebird-devel and several other forums:
> What is the practice regarding digital signing of Firebird executables and installers etc.?
> Some releases have been signed with a "Firebird Inc" certificate in the past but it seems signing is not always done.
> Can signing be adopted as a policy?

Alex Peshkov in firebird-devel:
It's really funny. Sha256 checksums are provided for snapshot builds but not for releases.

Sean Leyne in firebird-devel:
SHA hashes are fine to validate downloads, but they are not the same as signing the install kits/executable.

Windows has increasingly made it difficult to install and/or run non-signed kits/executables.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

1 participant