Sign the EXE files for trust

[hichemfantar]

Suggestion

Installer EXE files should be properly signed for better trust of the packages on the website.

Use case

Guarantee that the distributed binaries are generated by a trusted party.

Extra info/examples/attachments

The proper instructions are available here.

[stalkerok]

#18022 (comment)

qBittorrent's installer/EXE is not signed. I think that's a requirement. It is extremely expensive and tedious to do so. (last time I checked)

[Balls0fSteel]

Ugh this has been mentioned so many times. Let me just find a few existing tickets about it. I even mentioned why it's not signed. It's not trivial, it's expensive to do so (you need a software cert) and it's a tedious process.

[Balls0fSteel]

#1376

I mentioned a few prices and links in there back then.

[c0bw3b]

Code signing is indeed becoming more and more important for trust in binary distribution, especially for software installed system-wide with elevated privileges.

Cost was an issue for FLOSS software but things have changed since 2014. There is now initiatives to provide code signing to open source project for free, such as SignPath:

• https://signpath.org/
• https://about.signpath.io/product/open-source

Vim or Transmission installers are signed this way.

[soredake]

MSIX packages can be signed for free when published to microsoft store for example https://www.advancedinstaller.com/msix-digital-signing.html

[luzpaz]

Close this as a dupe