[tech] Signing builds

Mansfield mansfield at ondollo.com
Fri Jan 15 01:59:28 GMT 2021


Good evening!

I feel like the last time I asked a question there were great responses and
I have another question where I'm hoping to learn how others would approach
it.

I'm wrapping up work on a Gemini client and planning on producing builds
for Linux/Darwin/Windows. (32-bit and 64-bit... which I think(?) is
standard...)

When I test the Windows binary executable there are several warning dialogs
that pop up talking about how the exe hasn't been signed and is unknown and
might be best to not let run. I think that Code Signing certificates and
signing the binary are the generally recommended approach to overcome that.

I looked into Code Signing certificates and I found some that seem like
they'd work for the Windows builds (from the little that I know... all I
need is something called a Code Signing certificate... I don't *think*
there's any OS-specific aspect), but they're $100/yr. Not horrible, but
certainly more than expected. In my ignorance it feels odd that there's
nothing like Let's Encrypt for Code Signing certificates.

So the question is this: If you were producing a stand-alone binary
executable meant to run on Windows and you wanted to minimize the install
friction (like not having the warnings described above), how would you
approach that?

One solution: I could just hope that users would be willing and/or able to
ignore the warnings and install it anyway. Keeps costs down... keeps build
process simple. Might not have as much adoption as hoped.

Another solution: Pay the yearly fee, sign the builds, avoid the warnings.
(I'm also not sure how the certificate will verify I'm trustworthy when I'm
not so certain I want any personally identifiable information to be shared
with whoever will be running me through whatever process - I dream of
something simple like a DNS CNAME record to prove ownership and the cert
then saying the builds were produced by the owner of the domain... or
something...).

Third option: On the side, I've also written a modified HTTP/HTML server to
use a Gemini client and make it super easy to browse Gemini space *without*
installing a client, but I'm reluctant to have feature-parity between that
browser-based client and this standalone binary client. I could just go
with, "Install the unsigned client if you want and if you're uncomfortable
with that feel free to use the browser-based one, but you're missing out if
you don't install the standalone one".

Thoughts?