[SERVER-51381] Sign Windows Executables Created: 05/Oct/20 Updated: 02/Feb/24 |
|
| Status: | Backlog |
| Project: | Core Server |
| Component/s: | Packaging |
| Affects Version/s: | None |
| Fix Version/s: | None |
| Type: | Improvement | Priority: | Minor - P4 |
| Reporter: | Spencer Jackson | Assignee: | Unassigned |
| Resolution: | Unresolved | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Issue Links: |
|
||||
| Assigned Teams: |
Build
|
||||
| Participants: | |||||
| Description |
|
We currently sign our MSIs, but we don't sign our executables. Signing our executables would prevent users running our binaries from seeing a "Publisher could not be verified" warning, allow our publisher reputation to convince antivirus products that new, unseen, release artifacts are valid, and allow our binaries to participate in AppLocker policies which locked systems down to running software by trusted publishers. |