CloudCompare forum

Are there any plans to sign the installer or executables files?

We (and I am sure other companies) cannot get the software approved and past out vetting policies due to the installer and associated executables being unsigned which wil lin turn cause Microsoft AppLocker to block any attempt to install or run CloudCompare within our secure environment ?

Ah why not, I just don't know how to do that yet ;)

Any idea?

https://stackoverflow.com/questions/252 ... s-exe-file

I bet we just need to get a valid certificate then...

Yes - Needs a valid code sign certificate. The one to get is the EV certificate but this may be difficult to get without a business entity. The non-EV certificates once obtained require numerous installations to build reputation that is then attached to the certificate. In my experience this can take an LOT longer than expected and does not help bypass signed installer and executable requirements in the mean time.

Something like this should do the trick: https://ssl.comodo.com/ev-code-signing but as always, DYOR :)

Yes I looked at various solutions, but most of them involve paying... and we can't say that the project is overflown with donations :(

Thanks for the responses Daniel.

Ok, I have found the 'Open Source Code Signing' option from Certum. It's less than 60€ per year! Let's see how it works...

https://shop.certum.eu/open-source-code ... ysign.html

Ok, so I don't know how well it will work, but the installers and executables of the 2.12.beta version (normal and stereo) are now signed!

Great thanks for the notification Daniel. That will be a great help to us and I am sure others moving forward and will make future versions easier to get past our required compliance and security vetting procedures.

I have been dealing with our internal ITSec team and some external ITSec contacts and have managed to get approval for 2.11.3 as the latest stable version approved using file hashes rather than certificate.