Getting a code signing certificate for Sage
75 views
Skip to first unread message
Erik Bray
May 22, 2018, 10:19:41 AM5/22/18
to sage-devel
I would like to be able to sign future versions of the Sage for
Windows installer. Not only does it just *look* more professional
(users don't get a "Installing software from an unknown provider"
message when they install Sage), it also protects are users from bogus
or tampered with copies of the installer.
Unfortunately, certs with a trusted authority chain that can be used
for code signing are not free; there is not yet any equivalent of
LetsEncrypt for software binaries. So we will have to pay a
certificate provider for one. Some of the cheapest I could find are
Comodo certs from https://codesigncert.com/#codepricing from $75/yr
(or slightly less for multi-year certs).
Can one of OpenDreamKit, Cocalc, Sagemath.org, etc. put up some
funding for purchasing a signing certificate for Sage? Once that's
done I'll need a copy of the cert and private key so that I can start
signing releases of Sage for Windows.
Thanks!
E
Windows installer. Not only does it just *look* more professional
(users don't get a "Installing software from an unknown provider"
message when they install Sage), it also protects are users from bogus
or tampered with copies of the installer.
Unfortunately, certs with a trusted authority chain that can be used
for code signing are not free; there is not yet any equivalent of
LetsEncrypt for software binaries. So we will have to pay a
certificate provider for one. Some of the cheapest I could find are
Comodo certs from https://codesigncert.com/#codepricing from $75/yr
(or slightly less for multi-year certs).
Can one of OpenDreamKit, Cocalc, Sagemath.org, etc. put up some
funding for purchasing a signing certificate for Sage? Once that's
done I'll need a copy of the cert and private key so that I can start
signing releases of Sage for Windows.
Thanks!
E
William Stein
May 22, 2018, 11:27:13 AM5/22/18
to sage-devel@googlegroups. com sage-devel@googlegroups. com
It would of course be natural for Sage Foundation to do this. Write to me off list.
--
You received this message because you are subscribed to the Google Groups "sage-devel" group.
To unsubscribe from this group and stop receiving emails from it, send an email to sage-devel+...@googlegroups.com.
To post to this group, send email to sage-...@googlegroups.com.
Visit this group at https://groups.google.com/group/sage-devel.
For more options, visit https://groups.google.com/d/optout.
Nicolas M. Thiery
May 23, 2018, 6:02:19 AM5/23/18
to sage-...@googlegroups.com
And in case there would be any administrative issue on the Sage
Foundation Side, ODK could certainly pay now for the next couple
years.
Cheers,
Nicolas
On Tue, May 22, 2018 at 08:26:58AM -0700, William Stein wrote:
> It would of course be natural for Sage Foundation to do this. Write to
> me off list.
>
> wrote:
>
> I would like to be able to sign future versions of the Sage for
> Windows installer. Not only does it just *look* more professional
> (users don't get a "Installing software from an unknown provider"
> message when they install Sage), it also protects are users from
> bogus
> or tampered with copies of the installer.
> Unfortunately, certs with a trusted authority chain that can be used
> for code signing are not free; there is not yet any equivalent of
> LetsEncrypt for software binaries. So we will have to pay a
> certificate provider for one. Some of the cheapest I could find are
> Comodo certs from [2]https://codesigncert.com/#codepricing from
>
> I would like to be able to sign future versions of the Sage for
> Windows installer. Not only does it just *look* more professional
> (users don't get a "Installing software from an unknown provider"
> message when they install Sage), it also protects are users from
> bogus
> or tampered with copies of the installer.
> Unfortunately, certs with a trusted authority chain that can be used
> for code signing are not free; there is not yet any equivalent of
> LetsEncrypt for software binaries. So we will have to pay a
> certificate provider for one. Some of the cheapest I could find are
> $75/yr
> (or slightly less for multi-year certs).
> Can one of OpenDreamKit, Cocalc, Sagemath.org, etc. put up some
> funding for purchasing a signing certificate for Sage? Once that's
> done I'll need a copy of the cert and private key so that I can
> start
> signing releases of Sage for Windows.
> Thanks!
> E
> --
> You received this message because you are subscribed to the Google
> Groups "sage-devel" group.
> To unsubscribe from this group and stop receiving emails from it,
> send an email to [3]sage-devel+...@googlegroups.com.
> (or slightly less for multi-year certs).
> Can one of OpenDreamKit, Cocalc, Sagemath.org, etc. put up some
> funding for purchasing a signing certificate for Sage? Once that's
> done I'll need a copy of the cert and private key so that I can
> start
> signing releases of Sage for Windows.
> Thanks!
> E
> --
> You received this message because you are subscribed to the Google
> Groups "sage-devel" group.
> To unsubscribe from this group and stop receiving emails from it,
> To post to this group, send email to [4]sage-...@googlegroups.com.
> Visit this group at [5]https://groups.google.com/group/sage-devel.
> For more options, visit [6]https://groups.google.com/d/optout.
>
> --
> You received this message because you are subscribed to the Google
> Groups "sage-devel" group.
> To unsubscribe from this group and stop receiving emails from it, send
> an email to [7]sage-devel+...@googlegroups.com.
> --
> You received this message because you are subscribed to the Google
> Groups "sage-devel" group.
> To unsubscribe from this group and stop receiving emails from it, send
> To post to this group, send email to [8]sage-...@googlegroups.com.
> Visit this group at [9]https://groups.google.com/group/sage-devel.
> For more options, visit [10]https://groups.google.com/d/optout.
>
> Références
>
> 1. mailto:erik....@gmail.com
> 2. https://codesigncert.com/#codepricing
> 3. mailto:sage-devel+...@googlegroups.com
> 4. mailto:sage-...@googlegroups.com
> 5. https://groups.google.com/group/sage-devel
> 6. https://groups.google.com/d/optout
> 7. mailto:sage-devel+...@googlegroups.com
> 8. mailto:sage-...@googlegroups.com
> 9. https://groups.google.com/group/sage-devel
> 10. https://groups.google.com/d/optout
Nicolas
--
Nicolas M. Thiéry "Isil" <nth...@users.sf.net>
http://Nicolas.Thiery.name/
William Stein
May 23, 2018, 2:15:04 PM5/23/18
to sage-devel
Hi,
Let's switch to having ODK do this, since the Sage Foundation money
(small, and all from donations, but greatly appreciated!) never
expires, but ODK's does.
William
> To unsubscribe from this group and stop receiving emails from it, send an email to sage-devel+...@googlegroups.com.
> To post to this group, send email to sage-...@googlegroups.com.
> Visit this group at https://groups.google.com/group/sage-devel.
> For more options, visit https://groups.google.com/d/optout.
--
William (http://wstein.org)
Let's switch to having ODK do this, since the Sage Foundation money
(small, and all from donations, but greatly appreciated!) never
expires, but ODK's does.
William
> To post to this group, send email to sage-...@googlegroups.com.
> Visit this group at https://groups.google.com/group/sage-devel.
> For more options, visit https://groups.google.com/d/optout.
--
William (http://wstein.org)
Reply all
Reply to author
Forward
0 new messages