[QGIS-Developer] Question on signed windows installers

Jürgen E. Fischer jef at norbit.de
Tue Aug 22 01:41:33 PDT 2017

Hi Andreas,

On Tue, 22. Aug 2017 at 09:39:48 +0200, Neumann, Andreas wrote:
> I noticed that the Windows all-in-one installers are now signed (Open
> Source Geospatial Foundation). Is 2.18.12 the first signed version or
> were the previous versions also signed? 

Yes, it's the first one.

> In any case - wanted to report back that our AV scanner did not complain
> about 2.18.12, whereas it "swallowed" the QGIS 3 weekly without even
> visibly notifying (only in the log file one could see that QGIS 3 was
> sent to quarantine and the original installer file removed). Perhaps
> signing installers builds trust with AV software? Installing over
> OSGEO4W installer is always fine. 

The weeklies apparently weren't built for a while.  Did anyone else notice?

I added signing for the weekly yesterday.  Requires wine and in turn xvfb -
because we need to produce an extra installer that installs an uninstaller, so
we can sign it and include it in the actual installer - runs fine locally (but
w/o xvfb), but currently the final step crashes with a bus error on qgis2...


Jürgen E. Fischer           norBIT GmbH             Tel. +49-4931-918175-31
Dipl.-Inf. (FH)             Rheinstraße 13          Fax. +49-4931-918175-50
Software Engineer           D-26506 Norden             http://www.norbit.de
QGIS release manager (PSC)  Germany                    IRC: jef on FreeNode
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 827 bytes
Desc: not available
URL: <http://lists.osgeo.org/pipermail/qgis-developer/attachments/20170822/365f0a1d/attachment.sig>

More information about the QGIS-Developer mailing list