Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

TODO: Sign executables #4

Open
seesharprun opened this issue Oct 17, 2022 · 3 comments
Open

TODO: Sign executables #4

seesharprun opened this issue Oct 17, 2022 · 3 comments

Comments

@seesharprun
Copy link
Contributor

The current GitHub actions release unsigned executables. The executables should be automatically signed using a code signing certificate.
@seesharprun
Copy link
Contributor Author

See https://github.com/dotnet/sign

@philnach
Copy link
Collaborator

philnach commented Mar 2, 2025

@markjbrown, @bowencode, I think this could be a good idea. There's a free solution for Open Source projects: https://signpath.org. Would either of you object for me to make this happen. Having code signing present will enable dmt to run on macOS and Windows without being blocked by the respective OS checkers.

@markjbrown
Copy link
Collaborator

Yes, that would be good as this needs to work smoothly for new users or users onboarding a new workload.

@philnach I did a scan of our OSS docs on opensource.microsoft.com and cannot find anything that covers code signing so looks like no policies, etc. cover how or even if we do this. Would you mind taking a look at those docs too and be sure? I want to make sure we stay in compliance.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@markjbrown @seesharprun @philnach