gen-keys: add scripts to generate secrets #70
Is this useful? Do we want this?
This allows users to fork this repo and easily build their own signed binaries, which is very useful in my opinion. Then consider enabling the PE binary integrity check (-Xlink=-integritycheck) by default.
Speaking of
Yes, Windows will refuse to execute curl.exe and issue a warning if curl.exe has been maliciously or accidentally damaged.
I obviously forgot about this. For self-signed certificates, the CA needs to be installed. So integritycheck shouldn't be enabled by default, but I think curl-for-win should sign official builds with a recognized code signing certificate, and then users can choose to sign their own builds with self-signed certificates.
It would be nice indeed, but non-self-signed certs have a few massive roadblocks:
I haven't read about this more than these two announcements, and some pain Legalese, money still required and the non-reproducibility issue likely remains. Same / similar dance, with completely different actual steps with Apple/macOS.
3db6ba6 to 0403cd7
code signature script is sourced from: https://gist.github.com/vszakats/7ef9e86506f5add961bae0412ecbe696
ping
To make binary blobs (secret keys) stored in the repo transparent,
here are the scripts that can generate those.
code signature script sourced from:
https://gist.github.com/vszakats/7ef9e86506f5add961bae0412ecbe696