Main Area and Open Discussion > General Software Discussion

heads-up for big changes affecting signed installers

(1/1)

umeca74:
most people are not aware that there is a big shake-down of SHA1 code signing certificates coming first thing in 2016. If you sell or distribute digitally signed software you must be aware of the changes and get prepared. For more information see here

http://zabkat.com/blog/code-signing-sha1-armageddon.htm

please spread the word!
merry christmas
nikos

PS. i see there was a brief discussion about this but it affects everybody not just mouser

x16wda:
So what would this mean for an end user? All the myriad of installers that are out there now would appear to have invalid signatures if installed??

Jibz:
From a cursory glance; for end users it means nothing, for developers it means they may have to buy a new certificate in order for their future signatures to look properly validated.

umeca74:
the end user running windows 7 or later will see many installers that appear untrusted, so he will probably just not install your program. It is dead serious

Jibz:
Well, he does say existing files signed before that date will be tolerated, so (at least for now) it is a question of whether you need a new key for future apps.

Navigation

[0] Message Index