Bitcoin binaries are not signed #2689

issue grue0 opened this issue on May 23, 2013
  1. grue0 commented at 9:41 PM on May 23, 2013: none

    For Windows builds, only the setup executable is signed. On Windows, it's customary for publishers to sign both the setup and binaries. I understand signing the executable doesn't increase tamper resistance during download. However, signing the run-time executable provides the following advantages:

    • any UAC dialog box will show Bitcoin Foundation as the publisher
    • it allows users who don't use the setup executable to verify the program's authenticity
    • the executable can later be verified for any tampering (especially when running across USB drives)
  2. Diapolo commented at 6:36 AM on May 24, 2013: none

    At least the UAC stuff is pointless, as you never need to run it with Admin-token :). I agree on the later 2 points.

  3. grue0 commented at 9:44 PM on May 30, 2013: none

    bump: 0.8.2 binaries are still not signed.

  4. laanwj commented at 5:13 AM on May 31, 2013: member

    Don't bump your issues, it makes you look like an impatient ass and won't help you get them implemented any faster. If you really want something implemented do it yourself. In this case add code signing to gitian.

    This is harder than it seems, as the determinism verification would have to ignore the developer specific signature...

    Also this will mean that the outer installer can no longer be checked with the trusted build process, as it includes an executable signed with the developer's key so it will always differ. Overall, this may make everything less secure instead of more secure.

  5. laanwj closed this on May 18, 2015

  6. MarcoFalke locked this on Sep 8, 2021
Contributors

github-metadata-mirror

This is a metadata mirror of the GitHub repository bitcoin/bitcoin. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.
generated: 2026-04-19 15:15 UTC

This site is hosted by @0xB10C
More mirrored repositories can be found on mirror.b10c.me