[QGIS-Developer] Question on signed windows installers
Jürgen E. Fischer
jef at norbit.de
Tue Aug 22 01:41:33 PDT 2017
Hi Andreas,
On Tue, 22. Aug 2017 at 09:39:48 +0200, Neumann, Andreas wrote:
> I noticed that the Windows all-in-one installers are now signed (Open
> Source Geospatial Foundation). Is 2.18.12 the first signed version or
> were the previous versions also signed?
Yes, it's the first one.
> In any case - wanted to report back that our AV scanner did not complain
> about 2.18.12, whereas it "swallowed" the QGIS 3 weekly without even
> visibly notifying (only in the log file one could see that QGIS 3 was
> sent to quarantine and the original installer file removed). Perhaps
> signing installers builds trust with AV software? Installing over
> OSGEO4W installer is always fine.
The weeklies apparently weren't built for a while. Did anyone else notice?
I added signing for the weekly yesterday. Requires wine and in turn xvfb -
because we need to produce an extra installer that installs an uninstaller, so
we can sign it and include it in the actual installer - runs fine locally (but
w/o xvfb), but currently the final step crashes with a bus error on qgis2...
Jürgen
--
Jürgen E. Fischer norBIT GmbH Tel. +49-4931-918175-31
Dipl.-Inf. (FH) Rheinstraße 13 Fax. +49-4931-918175-50
Software Engineer D-26506 Norden http://www.norbit.de
QGIS release manager (PSC) Germany IRC: jef on FreeNode
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 827 bytes
Desc: not available
URL: <http://lists.osgeo.org/pipermail/qgis-developer/attachments/20170822/365f0a1d/attachment.sig>
More information about the QGIS-Developer
mailing list