kicad-developers team mailing list archive

[Nick Østergaard <oe.nick@xxxxxxxxx>]

Yeah, I was under the understanding that over time the cert would gain
reputation, but it seems that this is not happening. But it seems that
microsoft have a new tool one can use to submit the signature to them to
eventually accept it.

Maybe there is a feature in that smartscreen thing for users to say ok to
microsoft for this signature.
Den 17/02/2016 21.55 skrev "Wayne Stambaugh" <stambaughw@xxxxxxxxx>:

> This [see attached] display is rather alarming and I can understand
> users being wary.  I believe it's something that changed in the last
> windows update.  Before I only saw the unknown source warning dialog.
> It would be nice if we could provide some measure of confidence that the
> installer binary is really what we say it is for windows users.
>
> On 2/17/2016 3:41 PM, Nick Østergaard wrote:
> > The installer is signed by Mark Roszko, I did consider adding the
> > fingerprint on the download page, but I never got around to that.
> >
> > But I am sure it is fine, it is just the windows smartscreen filter
> thing.
>
> "windows smartscreen", that's an oxymoron if I ever heard one. :)
>
> >
> > It does not really say that it is malware, it just says that it comes
> > from an unknown source. Nothing to worry about as such.
> >
> > Den 17/02/2016 20.12 skrev "Wayne Stambaugh" <stambaughw@xxxxxxxxx
> > <mailto:stambaughw@xxxxxxxxx>>:
> >
> >     On 2/17/2016 2:09 PM, Simon Richter wrote:
> >     > Hi,
> >     >
> >     > On 17.02.2016 19:55, Wayne Stambaugh wrote:
> >     >
> >     >> Is there any way
> >     >> to confirm that the installer on the website hasn't been
> compromised?
> >     >
> >     > That is a known problem with the heuristic detection: it triggers
> >     often
> >     > on JIT compilers, so it is possible that we are getting false
> >     alarms here.
> >
> >     I figured it was a false alarm but I want to give users some
> reassurance
> >     that's all that it is.
> >
> >     >
> >     >> Perhaps an md5sum of the original installer binary.  Can someone
> >     who has
> >     >> access to the packager builder please look into this for me.
> >     >
> >     > I'm extending the build script so the SHA sums of the generated
> files
> >     > are recorded in the build log, then we can check them easily.
> >
> >     Please let me know when the SHA sums have been generated and where I
> can
> >     download them to compare against the binary I downloaded from the
> >     website.
> >
> >     >
> >     >    Simon
> >     >
> >     >
> >     >
> >     > _______________________________________________
> >     > Mailing list: https://launchpad.net/~kicad-developers
> >     > Post to     : kicad-developers@xxxxxxxxxxxxxxxxxxx
> >     <mailto:kicad-developers@xxxxxxxxxxxxxxxxxxx>
> >     > Unsubscribe : https://launchpad.net/~kicad-developers
> >     > More help   : https://help.launchpad.net/ListHelp
> >     >
> >
> >     _______________________________________________
> >     Mailing list: https://launchpad.net/~kicad-developers
> >     Post to     : kicad-developers@xxxxxxxxxxxxxxxxxxx
> >     <mailto:kicad-developers@xxxxxxxxxxxxxxxxxxx>
> >     Unsubscribe : https://launchpad.net/~kicad-developers
> >     More help   : https://help.launchpad.net/ListHelp
> >
>