This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Title: Add signed catalog files for stdlib on Windows
Type: enhancement Stage: resolved
Components: Windows Versions: Python 3.7, Python 3.6
Status: closed Resolution: fixed
Dependencies: Superseder:
Assigned To: steve.dower Nosy List: paul.moore, python-dev, steve.dower, tim.golden, zach.ware
Priority: normal Keywords:

Created on 2016-10-10 03:17 by steve.dower, last changed 2022-04-11 14:58 by admin. This issue is now closed.

Pull Requests
URL Status Linked Edit
PR 552 closed dstufft, 2017-03-31 16:36
Messages (2)
msg278400 - (view) Author: Steve Dower (steve.dower) * (Python committer) Date: 2016-10-10 03:17
On Windows, we sign all binaries with the PSF code signing certificate.

We can also sign all the standard library and tools .py files using a catalog, which will put the hashes of the original files into a signed bundle. This can then be validated by users (e.g. using "signtool.exe verify") at any point after installation. Worth noting that the OS does not automatically verify signatures in a catalog file.

It's only worthwhile doing this for files that may end up on a production machine - essentially, those files included in lib.msi and tools.msi (not test.msi, dev.msi or tcltk.msi).
msg278401 - (view) Author: Roundup Robot (python-dev) (Python triager) Date: 2016-10-10 03:19
New changeset e050ed5da06d by Steve Dower in branch '3.6':
Issue #28402: Adds signed catalog files for stdlib on Windows.

New changeset 27edae50e62c by Steve Dower in branch 'default':
Issue #28402: Adds signed catalog files for stdlib on Windows.
Date User Action Args
2022-04-11 14:58:38adminsetgithub: 72588
2017-03-31 16:36:38dstufftsetpull_requests: + pull_request1107
2016-10-10 03:20:17steve.dowersetstatus: open -> closed
resolution: fixed
stage: resolved
2016-10-10 03:19:43python-devsetnosy: + python-dev
messages: + msg278401
2016-10-10 03:17:50steve.dowercreate