Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add signed catalog files for stdlib on Windows #72588

Closed
zooba opened this issue Oct 10, 2016 · 2 comments
Closed

Add signed catalog files for stdlib on Windows #72588

zooba opened this issue Oct 10, 2016 · 2 comments
Assignees
@zooba
Labels
3.7 (EOL) end of life OS-windows type-feature A feature request or enhancement

Comments

@zooba
Copy link
Member

zooba commented Oct 10, 2016

BPO 28402
Nosy @pfmoore, @tjguk, @zware, @zooba
PRs
  • [Do Not Merge] Convert Misc/NEWS so that it is managed by towncrier #552
    		•

    Note: these values reflect the state of the issue at the time it was migrated and might not reflect the current state.

    Show more details

    GitHub fields:

    assignee = 'https://github.com/zooba'
closed_at = <Date 2016-10-10.03:20:17.792>
created_at = <Date 2016-10-10.03:17:49.958>
labels = ['type-feature', '3.7', 'OS-windows']
title = 'Add signed catalog files for stdlib on Windows'
updated_at = <Date 2017-03-31.16:36:38.878>
user = 'https://github.com/zooba'

    bugs.python.org fields:

    activity = <Date 2017-03-31.16:36:38.878>
actor = 'dstufft'
assignee = 'steve.dower'
closed = True
closed_date = <Date 2016-10-10.03:20:17.792>
closer = 'steve.dower'
components = ['Windows']
creation = <Date 2016-10-10.03:17:49.958>
creator = 'steve.dower'
dependencies = []
files = []
hgrepos = []
issue_num = 28402
keywords = []
message_count = 2.0
messages = ['278400', '278401']
nosy_count = 5.0
nosy_names = ['paul.moore', 'tim.golden', 'python-dev', 'zach.ware', 'steve.dower']
pr_nums = ['552']
priority = 'normal'
resolution = 'fixed'
stage = 'resolved'
status = 'closed'
superseder = None
type = 'enhancement'
url = 'https://bugs.python.org/issue28402'
versions = ['Python 3.6', 'Python 3.7']
    @zooba
    Copy link
    Member Author

    zooba commented Oct 10, 2016

    On Windows, we sign all binaries with the PSF code signing certificate.

    We can also sign all the standard library and tools .py files using a catalog, which will put the hashes of the original files into a signed bundle. This can then be validated by users (e.g. using "signtool.exe verify") at any point after installation. Worth noting that the OS does not automatically verify signatures in a catalog file.

    It's only worthwhile doing this for files that may end up on a production machine - essentially, those files included in lib.msi and tools.msi (not test.msi, dev.msi or tcltk.msi).

    @zooba zooba added the 3.7 (EOL) end of life label Oct 10, 2016
    @zooba zooba self-assigned this Oct 10, 2016
    @zooba zooba added OS-windows type-feature A feature request or enhancement labels Oct 10, 2016
    @python-dev
    Copy link
    Mannequin

    python-dev mannequin commented Oct 10, 2016

    New changeset e050ed5da06d by Steve Dower in branch '3.6':
    Issue bpo-28402: Adds signed catalog files for stdlib on Windows.
    https://hg.python.org/cpython/rev/e050ed5da06d

    New changeset 27edae50e62c by Steve Dower in branch 'default':
    Issue bpo-28402: Adds signed catalog files for stdlib on Windows.
    https://hg.python.org/cpython/rev/27edae50e62c

    @zooba zooba closed this as completed Oct 10, 2016
    @ezio-melotti ezio-melotti transferred this issue from another repository Apr 10, 2022
    Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
    Assignees

    @zooba zooba

    Labels
    3.7 (EOL) end of life OS-windows type-feature A feature request or enhancement
    Projects
    None yet
    Milestone
    No milestone
    Development

    No branches or pull requests
    1 participant
    @zooba