Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[FEATURE REQUEST] Scripts should be signed #1898

Open
twangboy opened this issue Feb 2, 2023 · 2 comments
Open

[FEATURE REQUEST] Scripts should be signed #1898

twangboy opened this issue Feb 2, 2023 · 2 comments
Assignees
@twangboy

Comments

@twangboy
Copy link
Contributor

twangboy commented Feb 2, 2023

Description of Issue/Question

We should probably sign our scripts when we do a release.

On Windows this means we can set the Execution Policy to "RemoteSigned" to add some security while still allowing the bootstrap script to run. I'm assuming we would want to sign the Linux script as well.

For Windows this would need to be an OV Certificate. I'm assuming we could use the same for Linux.
@s0undt3ch
Copy link
Contributor

We GPG sign the releases now, just download <script-name>.<ext>.asc

Could this be used for windows?

@dmurphy18 dmurphy18 changed the title Scripts should be signed [FEATURE REQUEST] Scripts should be signed Dec 13, 2024
@dmurphy18
Copy link
Contributor

@twangboy Currently have the sha256 checksums in the README, is this not enough to guarantee the sanctity of the script provided.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@twangboy twangboy

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@s0undt3ch @twangboy @dmurphy18