Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Acquire a code signing certificate #11

Open
alexrp opened this issue Mar 30, 2022 · 6 comments
Open

Acquire a code signing certificate #11

alexrp opened this issue Mar 30, 2022 · 6 comments
Assignees
@alexrp
Labels
area: documentation Issues related to the documentation. area: finances Issues related to the organization's finances. area: security Issues related to the organization's security. state: deliberation Issues that require design work and/or discussion.

Comments

@alexrp
Copy link
Member

alexrp commented Mar 30, 2022

This would allow us to sign our NuGet packages: https://docs.microsoft.com/en-us/nuget/create-packages/sign-a-package

Code signing certificates have to be renewed yearly and are somewhat costly depending on the provider.
@alexrp alexrp added state: deliberation Issues that require design work and/or discussion. type: feature area: finances Issues related to the organization's finances. area: security Issues related to the organization's security. labels Mar 30, 2022
@alexrp alexrp self-assigned this Mar 30, 2022
@alexrp
Copy link
Member Author

alexrp commented Apr 5, 2022
edited
Loading

We would likely use SignService to host the code signing in Azure (Azure App Service + Azure Key Vault Managed HSM).

@alexrp
Copy link
Member Author

alexrp commented Apr 5, 2022

GlobalSign seems like a good place to get an EV code signing certificate.

@alexrp alexrp added state: approved Enhancements and tasks that have been approved. and removed state: deliberation Issues that require design work and/or discussion. labels Apr 5, 2022
@alexrp
Copy link
Member Author

alexrp commented Apr 5, 2022
edited
Loading

Spent some time experimenting with SignService and I've mostly figured out how to use it. Just need to wait for #14 in order to actually buy the certificate.

@alexrp alexrp added state: blocked Issues that are blocked on some other issue or work. and removed state: approved Enhancements and tasks that have been approved. labels Apr 10, 2022
@alexrp alexrp changed the title Consider acquiring a code signing certificate Acquire a code signing certificate Apr 18, 2022
@alexrp alexrp transferred this issue from vezel-dev/.github Apr 28, 2022
@alexrp alexrp added state: approved Enhancements and tasks that have been approved. and removed state: blocked Issues that are blocked on some other issue or work. labels May 26, 2022
@alexrp
Copy link
Member Author

alexrp commented Dec 11, 2022

Seems like we can now avoid having to host SignService: https://github.com/dotnet/sign

@alexrp alexrp added the area: documentation Issues related to the documentation. label Feb 24, 2023
@alexrp
Copy link
Member Author

alexrp commented Jan 27, 2024

Need to figure out if we can actually obtain an EV certificate given our legal status under Open Collective Europe.

@alexrp
Copy link
Member Author

alexrp commented Jun 10, 2024

Need to figure out if we can actually obtain an EV certificate given our legal status under Open Collective Europe.

Talked to Open Collective Europe; the answer is no. We would have to go for an OV certificate, which comes with some downsides. Need to think more on whether this is even worth it. 🤔

@alexrp alexrp added state: deliberation Issues that require design work and/or discussion. and removed state: approved Enhancements and tasks that have been approved. labels Jun 10, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@alexrp alexrp

Labels
area: documentation Issues related to the documentation. area: finances Issues related to the organization's finances. area: security Issues related to the organization's security. state: deliberation Issues that require design work and/or discussion.
Milestone
No milestone
Development

No branches or pull requests
1 participant
@alexrp