Message 278400 - Python tracker

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author	steve.dower
Recipients	paul.moore, steve.dower, tim.golden, zach.ware
Date	2016-10-10.03:17:48
SpamBayes Score	-1.0
Marked as misclassified	Yes
Message-id	<1476069470.02.0.829638678389.issue28402@psf.upfronthosting.co.za>
In-reply-to

Content
On Windows, we sign all binaries with the PSF code signing certificate. We can also sign all the standard library and tools .py files using a catalog, which will put the hashes of the original files into a signed bundle. This can then be validated by users (e.g. using "signtool.exe verify") at any point after installation. Worth noting that the OS does not automatically verify signatures in a catalog file. It's only worthwhile doing this for files that may end up on a production machine - essentially, those files included in lib.msi and tools.msi (not test.msi, dev.msi or tcltk.msi).

On Windows, we sign all binaries with the PSF code signing certificate.

We can also sign all the standard library and tools .py files using a catalog, which will put the hashes of the original files into a signed bundle. This can then be validated by users (e.g. using "signtool.exe verify") at any point after installation. Worth noting that the OS does not automatically verify signatures in a catalog file.

It's only worthwhile doing this for files that may end up on a production machine - essentially, those files included in lib.msi and tools.msi (not test.msi, dev.msi or tcltk.msi).

History
Date	User	Action	Args
2016-10-10 03:17:50	steve.dower	set	recipients: + steve.dower, paul.moore, tim.golden, zach.ware
2016-10-10 03:17:50	steve.dower	set	messageid: <1476069470.02.0.829638678389.issue28402@psf.upfronthosting.co.za>
2016-10-10 03:17:49	steve.dower	link	issue28402 messages
2016-10-10 03:17:48	steve.dower	create