[Bf-committers] Vendor Approval Issue

Martijn Berger martijn.berger at gmail.com
Sun Nov 9 16:29:39 CET 2014


Hi everyone.

I think this is a great idea.

I would like to propose the following steps.

1) We put in place the infrastructure
2) We use a self-signed certificate (Blender Foundation CA) to sign our
buildbot builds and installers.
3) We buy / beg an official certificate to do the signing.

This would allow us to delay spending the money till we can actually use
the certificate. There are no real hurdles to just doing this, but let's
prove it works first.

Martijn


On Fri, Nov 7, 2014 at 1:39 AM, Dan McGrath <danmcgrath.ca at gmail.com> wrote:

> Hey Ton,
>
> Well, the cert is just like any other SSL/X.509 certificate you would get,
> except the properties of the certificate allow (limit) it to be used
> specifically for signing code. You can get certs that can be set to only be
> used for email, signing or encryption etc. The thing that makes this use of
> the certificate unique (compared to regular SSL certificates) is that you
> use special tools on Windows to sign binary files (as opposed to installing
> in a web server like we do with SSL). Although given the special purpose of
> making your software look reputable and legitimate, they (the industry) of
> course demand a premium for the cost of generating these certificates (ie:
> they charge you up the wazoo!). Like our EV certificates, I believe they
> also go through extra identity checks before they just hand one of these
> certificates over to you.
>
> Comodo (our certificate provider) offers these certificates as well if you
> are interested (Starting at $166.95/year):
>
>
>
> https://www.comodo.com/business-security/code-signing-certificates/code-signing.php
>
> With one of those, you should be able to follow the steps in the Microsoft
> url I pasted earlier to do code signing. I believe you could even generate
> your own self-signed CA cert and create one of these code signing
> certificates to test the tools, but such a certificate would not be trusted
> of course, and would only be useful to practice the workflow.
>
>
> Dan
>
>
> On Thu, Nov 6, 2014 at 12:37 PM, Ton Roosendaal <ton at blender.org> wrote:
>
> > Hi,
> >
> > I don't mind paying a bit, as long as it's an undisputed, official cert
> > recommended by Microsoft.
> >
> > -Ton-
> >
> > --------------------------------------------------------
> > Ton Roosendaal  -  ton at blender.org   -   www.blender.org
> > Chairman Blender Foundation - Producer Blender Institute
> > Entrepotdok 57A  -  1018AD Amsterdam  -  The Netherlands
> >
> >
> >
> > On 6 Nov, 2014, at 15:51, Dan McGrath wrote:
> >
> > > It sounds like Microsoft calls this "Authenticode". I don't have any
> > > personal experience with it myself, but I did find this url at Microsoft's
> > > website that might be of use to those looking into this:
> > >
> > >  http://msdn.microsoft.com/en-us/library/ie/ms537359(v=vs.85).aspx
> > >
> > > Dan
> > >
> > > On Thu, Nov 6, 2014 at 9:12 AM, Ton Roosendaal <ton at blender.org> wrote:
> > >
> > >> Hi all,
> > >>
> > >> For OS X we sign the binary using our Apple developer account.
> > >> It seems there's a similar system for Windows exes too.
> > >> Please advise!
> > >>
> > >> (See mail below).
> > >>
> > >> -Ton-
> > >>
> > >> --------------------------------------------------------
> > >> Ton Roosendaal  -  ton at blender.org   -   www.blender.org
> > >> Chairman Blender Foundation - Producer Blender Institute
> > >> Entrepotdok 57A  -  1018AD Amsterdam  -  The Netherlands
> > >>
> > >>
> > >>
> > >> Begin forwarded message:
> > >>
> > >>> Subject: Vendor Approval Issue
> > >>> Date: 6 November, 2014 14:17:11 CET
> > >>> To: foundation at blender.org
> > >>>
> > >>> Hi
> > >>>
> > >>> I have a generic issue that needs addressing so I have contacted
> > >>> this email address in the hope that you can redirect it
> > >>> appropriately.
> > >>>
> > >>> I use Comodo Internet Security Premium which includes a Defense
> > >>> Plus element for monitoring running processes. Whilst I have
> > >>> approved Blender as a process it refuses to recognise the Vendor as
> > >>> the .exe file is not signed and has no developer information so it
> > >>> will not allow me to add it to the approved list and keeps flagging
> > >>> it every time I launch Blender.
> > >>>
> > >>> I am bringing this to your attention as it is annoying and I am
> > >>> sure other users are experiencing the same issue and it could be
> > >>> easily resolved but that can only be done by the development team.
> > >>>
> > >>> Trusted Vendors can sign up here to be whitelisted:
> > >>>
> > >>> http://internetsecurity.comodo.com/trustedvendor/signup.php
> > >>>
> > >>> Many thanks
> > >>>
> > >>> Mark
> > >>>
> > >>
> > >> _______________________________________________
> > >> Bf-committers mailing list
> > >> Bf-committers at blender.org
> > >> http://lists.blender.org/mailman/listinfo/bf-committers
> > >>
>
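
The practice workflow discussed in this thread (a self-signed CA issuing a certificate restricted to code signing), as an added example that is not part of the original messages. It uses OpenSSL rather than the Windows signing tools, and every name in it (Example Test CA, Example Build Signer, the file names) is constructed for illustration.

```shell
#!/bin/sh
# Added example: throwaway CA and code-signing cert; names are hypothetical.
set -eu

write_cfg() {   # $1 = path of a minimal OpenSSL config holding both profiles
    cat > "$1" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = placeholder
[ca_ext]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[codesign_ext]
basicConstraints = critical,CA:FALSE
keyUsage = critical,digitalSignature
extendedKeyUsage = codeSigning
EOF
}

make_test_ca() {   # $1 = dir; writes cfg, ca.key, ca.pem (self-signed root)
    write_cfg "$1/cfg"
    openssl req -x509 -config "$1/cfg" -extensions ca_ext -newkey rsa:2048 \
        -nodes -days 30 -subj "/CN=Example Test CA" \
        -keyout "$1/ca.key" -out "$1/ca.pem" 2>/dev/null
}

make_codesign_cert() {   # $1 = dir holding the CA; writes leaf.key, leaf.pem
    openssl req -new -config "$1/cfg" -newkey rsa:2048 -nodes \
        -subj "/CN=Example Build Signer" \
        -keyout "$1/leaf.key" -out "$1/leaf.csr" 2>/dev/null
    # The codesign_ext profile is what limits the cert to signing code.
    openssl x509 -req -in "$1/leaf.csr" -CA "$1/ca.pem" -CAkey "$1/ca.key" \
        -CAcreateserial -days 30 -extfile "$1/cfg" -extensions codesign_ext \
        -out "$1/leaf.pem" 2>/dev/null
}

has_codesign_eku() {   # $1 = cert; true if its EKU lists Code Signing
    openssl x509 -in "$1" -noout -text | grep -q "Code Signing"
}

chains_to() {   # $1 = cert, $2 = CA cert; true only if that CA issued it
    openssl verify -CAfile "$2" "$1" >/dev/null 2>&1
}

work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT          # do not leave test private keys behind
make_test_ca "$work" && make_codesign_cert "$work"
has_codesign_eku "$work/leaf.pem" && echo "EKU: Code Signing present"
chains_to "$work/leaf.pem" "$work/ca.pem" && echo "chains to the test CA only"
```

The leaf verifies only against the test CA that issued it, which is why such a certificate is useful for exercising build infrastructure but is not trusted by end-user machines.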

