[sword-devel] Signing of Binaries on macOS and Windows

Tobias Klein contact at tklein.info
Sat Aug 3 02:00:09 MST 2019


Hi,

when looking into building Ezra Project on Windows and macOS I ran into 
the topic of signing binaries (and on macOS on top of that: notarizing 
binaries).

Both on Windows and macOS the OS displays rather scary messages when you 
try to run binaries downloaded from the internet. They actually prevent 
you from doing that.
On both of those OSs I understand why Microsoft/Apple implemented this - 
considering all the malware/virus vulnerability issues.
However, those messages are then also shown for any binaries from Open 
Source projects if they are not properly signed.

Signing binaries requires the purchase of corresponding SSL certificates 
and also (with Apple) membership as registered developer.
We're looking at 99$ / year with Apple and (based on my research) at 
least 49€ / year for Windows code signing certificates.

Big open source projects all sign their binaries for Windows and macOS, 
but finance this once as a project.
I was wondering whether there could be a way to have this for the SWORD 
eco system as well?
So that the certificates are payed once and all SWORD-based projects 
could use them?

How are you handling the binary signing for your SWORD-based project?

Best regards,
Tobias




More information about the sword-devel mailing list