You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Primarily, this lets any user be completely sure that the software they're installing actually came from you. Should a malicious actor get your publishing keys, they would also need to get a hold of your signing keys as well in order to really do damage.
We would like to restrict our client machines to only run trusted signed code. Currently to run step-cli this requires a whitelist exception in our policy for the executable, which of course changes between versions, and should a company implement an exception incorrectly (or even correctly depending on the limitations of their security software) it could result in malicious code taking advantage of the hole and infecting the network.
The text was updated successfully, but these errors were encountered:
Hello!
Issue details
The package installed on windows machines is unsigned, which is a security risk.
This can be achieved using "signtool" which is part of the Windows SDK:
https://learn.microsoft.com/en-us/windows/win32/seccrypto/signtool
https://developer.microsoft.com/en-us/windows/downloads/windows-sdk/
Why is this needed?
Primarily, this lets any user be completely sure that the software they're installing actually came from you. Should a malicious actor get your publishing keys, they would also need to get a hold of your signing keys as well in order to really do damage.
We would like to restrict our client machines to only run trusted signed code. Currently to run step-cli this requires a whitelist exception in our policy for the executable, which of course changes between versions, and should a company implement an exception incorrectly (or even correctly depending on the limitations of their security software) it could result in malicious code taking advantage of the hole and infecting the network.
The text was updated successfully, but these errors were encountered: