View Issue Details

IDProjectCategoryView StatusLast Update
0001377OpenMPTGeneralpublic2020-10-08 10:59
ReporterASIKWUSpulse Assigned To 
Status newResolutionopen 
PlatformAllOSWindowsOS Version10
Target VersionOpenMPT 2.0 (very long term goals) 
Summary0001377: Making OpenMPT signed software

With each update windows 10 brings, it keeps adding small automations to "make microsoft have more controll over their OS and improving protection" and it's smartscreen feature is no exception. I personally feel it has made the UAC more agressive, since when you launch the installer nowadays, you get this windows where the "Run anyway" has become hidden. And if it takes another step in this direction, it will be obvious that microsoft's about to kill unverified software roaming around free today on their OS.

How hard is software signing? I've seen some other open source softwares like Notepad++ is signed.

TagsNo tags attached.
Has the bug occurred in previous versions?
Tested code revision (in case you know it)


related to 0001011 resolvedmanx Automatic update 




2020-10-08 09:35

administrator   ~0004464

See further discussion in 0001011.

Saga Musix

Saga Musix

2020-10-08 09:37

administrator   ~0004465

It's not hard, but expensive. You need to send out all sorts of legal documents to proof your identity to shady companies and that's not really something I want to do, and it costs a non-trivial amount of money that I think is better spent otherwise.
Most of the pain will go away with automatic updates (0001011) though, so you will only see the UAC prompt on first installation.



2020-10-08 09:40

administrator   ~0004466

Also, in the current situation, signing is actually infeasible for automated builds because we are building on at least 6 hosts for Windows, which are controlled by 2 different people and 1 unrelated organization (AppVeyor). A single signature certificate cannot be distributed to various hosts without defeating its very purpose.
The signature scheme used for the new automated updates uses a different certificate for each builds host, which avoids the security problems with certificate sharing. However, doing that for CA-signed code signing certificates would increase the costs even further.



2020-10-08 09:43

reporter   ~0004467

Ah I see

Saga Musix

Saga Musix

2020-10-08 09:49

administrator   ~0004468

Basically, the only way I personally can see the official installer that is downloadable from the front page (and which is currently only built by me, not by the buildbots) could get an official code-signing certificate is: Someone decides to sponsor a code-signing certificate for OpenMPT and commits to paying for it every year no matter if the certificate becomes more expensive or not. I don't want to rely on our regular donation pool for this because it's not predictable, and the cheapest available option for open-source code signing certificates (a company called Certum) have increased their prices multiple times in the past so one day those costs might be more than what we get in donations, in particular if maybe one day Certum decides to no longer offer their cheap(er) certificates for open-source software and we'd have to resort to a regular certificate (which is multiple hundreds of Euros typically). But I won't use my personal funds for buying a code-signing certificate, that's for sure.



2020-10-08 10:59

reporter   ~0004469

The world of open source seems to need a crowd-funded certificate organisation, like Creative Commons is a crowd-funded license organisation.

Issue History

Date Modified Username Field Change
2020-10-08 09:32 ASIKWUSpulse New Issue
2020-10-08 09:34 ASIKWUSpulse Description Updated
2020-10-08 09:35 manx Note Added: 0004464
2020-10-08 09:35 manx Relationship added related to 0001011
2020-10-08 09:35 manx Target Version => OpenMPT 2.0 (very long term goals)
2020-10-08 09:37 Saga Musix Note Added: 0004465
2020-10-08 09:40 manx Note Added: 0004466
2020-10-08 09:43 ASIKWUSpulse Note Added: 0004467
2020-10-08 09:49 Saga Musix Note Added: 0004468
2020-10-08 10:59 ASIKWUSpulse Note Added: 0004469