Trac is being migrated to new services! Issues can be found in our new
YouTrack instance and WIKI pages can be found on our
website.
- Timestamp:
-
Oct 2, 2012, 5:18:59 AM (11 years ago)
- Author:
-
datallah
- Comment:
-
Add GPG information about the windows builds
Legend:
- Unmodified
- Added
- Removed
- Modified
-
|
v5
|
v6
|
|
| 32 | 32 | |
| 33 | 33 | === Windows Installers === |
| 34 | | As of Pidgin 2.10.7, the Windows installers are signed using the [http://msdn.microsoft.com/en-us/library/ms537361(v=vs.85).aspx Microsoft Authenticode] signing mechanism by Daniel Atallah using a key with a thumbprint of `C5476901C3C63FABF54CEBA9E3F887932A9579B5`. |
| | 34 | As of Pidgin 2.10.7, the various Windows binaries are signed in two ways. |
| | 35 | * the installers and `pidgin.exe` are signed using the [http://msdn.microsoft.com/en-us/library/ms537361(v=vs.85).aspx Microsoft Authenticode] signing mechanism by Daniel Atallah using a certificate with a thumbprint of `C5476901C3C63FABF54CEBA9E3F887932A9579B5` |
| | 36 | * all distributed packages (installers, debug symbols, binary zip file, gtk bundle zip file) are signed with [http://www.gnupg.org/ GPG] by Daniel Atallah (`DE890574`). |
| 35 | 37 | |
| 36 | | The |
| | 38 | The authenticode signature can be verified most easily by using Windows Explorer to look at the Properties of the installer executable. |
| 37 | 39 | In the "Digital Signatures" tab, you can look at the Details of the signature, "View Certificate", and compare the (case-insensitive, whitespace-insensitive) "Thumbprint" value in the "Details" tab to the value listed above. |
| 38 | 40 | |
| 39 | 41 | [[Image(windows_cert_verify_thumbprint.jpg)]] |
| 40 | 42 | |
| 41 | | Alternatively, the signature can be verified using Microsoft's `signtool.exe` utility (which, unfortunately, in order to obtain, requires that you install the at least parts of Microsoft Platform SDK). |
| | 43 | Alternatively, authenticode the signature can be verified using Microsoft's `signtool.exe` utility (which, unfortunately, in order to obtain, requires that you install the at least parts of Microsoft Platform SDK). |
| | 44 | |
| | 45 | GPG signatures can be verified on Windows in the same way as they're validated on other operating systems (see [wiki:"Are the packages signed#SourceTarballs" above]). GPG binaries for windows are [http://gpg4win.org/ available] - be sure to read the notes about how to validate your GPG binaries :)! |
All information, including names and email addresses, entered onto this website or sent to mailing lists affiliated with this website will be public. Do not post confidential information, especially passwords!
