Certificate revoked #29
Comments
|
Unsigned version from https://code.google.com/archive/p/svg-explorer-extension/downloads works fine. |
|
thanks @Akababa. I added the unsigned binary install programs to the Github releases: https://github.com/maphew/svg-explorer-extension/releases/tag/v0.1.1 |
|
Perhaps you want to offer some more details as to why the certificate was revoked. A certificate revocation on a code signing certificate is a serious event. Telling people to just move to an unsigned version doesn't address concerns over, say, why the certificate was revoked in the first place. |
|
I have no clue why it was revoked.
That certificate is so old I have no access to any of it anymore.
The free certificate offering for open source code was discontinued, so I don’t actually know from where to get a new certificate cheap.
Tibold Kandrai
Software Architect & Engineer
…________________________________
From: Kurt Fitzner <notifications@github.com>
Sent: Wednesday, May 20, 2020 3:56:39 PM
To: tibold/svg-explorer-extension <svg-explorer-extension@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Subject: Re: [tibold/svg-explorer-extension] Certificate revoked (#29)
Perhaps you want to offer some more details as to why the certificate was revoked. A certificate revocation on a code signing certificate is a serious event. Telling people to just move to an unsigned version doesn't address concerns over, say, why the certificate was revoked in the first place.
—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub<#29 (comment)>, or unsubscribe<https://github.com/notifications/unsubscribe-auth/AAPCDA2CILDDSXOFQXQR6N3RSPORPANCNFSM4JUSMMJA>.
|
|
I would recommend Certum. They offer open source code signing certificates for €25, which is the cheapest I know about. Unfortunately, I don't know of any more free code signing certificates for open source developers. |
|
Thanks,
I was considering that too. They were the ones that offered the free one as well.
|
|
perhaps CodeNotary? See ad post: https://medium.com/vchaincodenotary/developers-unite-against-the-expensive-and-cumbersome-code-signing-certificates-d54342016a64. |
|
From what I can tell, CodeNotary is a side-channel software verification system that doesn't interface with the Windows installer. How much you have to pay for it no one can actually see, because they are careful not to say anywhere how much you have to pay until after you sign up for the "free 30 day trial". It looks like they have a community edition which is free to use, but I can't verify that with them. Yet another company who thinks that "blockchain" will attract investors. If you are going to force your users to install something to verify your signatures, why not get them to add hash-checking to their context menu? That then will work for all open source projects and not just the ones who use codenotary. |
It's blocked by windows UAC -- is this still safe?
The text was updated successfully, but these errors were encountered: