digitalmars.D.bugs - [Issue 16065] New: Provide digitally signed binaries for Windows
- via Digitalmars-d-bugs (28/28) May 23 2016 https://issues.dlang.org/show_bug.cgi?id=16065
https://issues.dlang.org/show_bug.cgi?id=16065 Issue ID: 16065 Summary: Provide digitally signed binaries for Windows Product: D Version: D2 Hardware: All OS: Windows Status: NEW Severity: enhancement Priority: P1 Component: installer Assignee: nobody puremagic.com Reporter: 1337 lwshost.com Hi all! Would it be possible to provide digitally signed binaries for the DMD Windows installers? Additionally, though this is likely outside the scope, perhaps [eventually] LDC and GDC installers could be hosted here as well [and signed]? Currently they are delivered over HTTP, and there is no way to be certain that the files truly originated from the downloads.dlang.org server or somewhere else. Even if HTTPS and HSTS were made available, this wouldn't protect users in a hypothetical scenario where the web server itself was compromised or where a Man-in-the-Middle attack had replaced the D website with another website that had a 'valid certificate' issued by another CA. I realize that this may be tricky to add into the build/release process, as protecting the signing key now becomes a critical issue, but I wanted to bring it up as I saw no previous or existing issues that covered this topic. Thank you for your consideration. --
May 23 2016