Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Software security for ImageGlass #97

Closed
d2phap opened this issue Jul 4, 2016 · 8 comments
Closed

Software security for ImageGlass #97

d2phap opened this issue Jul 4, 2016 · 8 comments
Labels
✨ feature request 👌 ready
Milestone
Issues 8.3

Comments

@d2phap
Copy link
Owner

d2phap commented Jul 4, 2016
edited
Loading

From Yawn:

Can you please use HTTPS (letsencrypt.org) and / or sign your Windows executable?
@d2phap d2phap added this to the 3.2.0.16 milestone Jul 4, 2016
@d2phap d2phap modified the milestone: 3.2.0.16 Aug 17, 2016
@d2phap d2phap closed this as completed Jan 21, 2017
@Abdull
Copy link

Abdull commented May 27, 2017

It'd be great if ImageGlass' installer was signed, giving an additional layer of security to the existing method of comparing the SHA1 checksum provided at http://www.imageglass.org with the github.com EXE release.

System info:

  • ImageGlass version: 4.0.4.15
  • OS version: Windows 10

Other info:

Lately, some open source projects' websites were compromised (see e.g. HandBrake), having their installers infected. Having a signed installer gives confidence that this executable wasn't tampered with by a malicious actor.

@d2phap
Copy link
Owner Author

d2phap commented May 29, 2017

Hi @Abdull

Thanks for the information.
I also aware to this. However, currently I cannot effort for the code signing certificate.
The donation is just enough to cover hosting and domain service for a year.

As you can see, there is no ads in the app and the website because i don't want to interrupt user experience.
Anyway, I will try to do this by somehow.

@d2phap d2phap reopened this May 29, 2017
@Abdull
Copy link

Abdull commented Jun 7, 2017

Thank you for reopening this issue. I'm happy to donate and wish you lots of follow-up donators in order to realize this request.

@d2phap
Copy link
Owner Author

d2phap commented Jun 8, 2017

Thanks @Abdull for the donation.
I really appreciate it 👍

@d2phap
Copy link
Owner Author

d2phap commented May 26, 2018

updated:
I've just moved to the new web server with SSL Cert.

what's next:
I will try to effort for a code signing cert for exe file

@cela96
Copy link

cela96 commented Feb 17, 2020

Forgive the answer if i say something incorrect but moving the link to installer on github/releases mantaining the cecksum on https://imageglass.org/ wouldn't improve the security?
The installer and the cecksum would actually be on two separate platforms with less risk for hacking.

@d2phap
Copy link
Owner Author

d2phap commented Feb 17, 2020

Hi @cela96
The installer/zip binary files of ImageGlass are currently hosted on Github. The ones on its website are just shortcut and link to Github.

:)

@d2phap d2phap mentioned this issue Dec 9, 2020
Closed
d2phap added a commit that referenced this issue Jan 14, 2022
@d2phap
Code signing for all bin files #97
182f02d
d2phap added a commit that referenced this issue Jan 15, 2022
@d2phap
remove code signing post-build cmd
7be8695 
#97
d2phap added a commit that referenced this issue Jan 15, 2022
@d2phap
use code_signing.bat to manually sign
6194c2e 
#97
@d2phap d2phap added this to the Issues 8.3 milestone Jan 15, 2022
@d2phap
Copy link
Owner Author

d2phap commented Jan 21, 2022
edited
Loading

ImageGlass 8.5 released with all binary files are signed.

image

@d2phap d2phap closed this as completed Jan 21, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
✨ feature request 👌 ready
Projects
None yet
Milestone
Issues 8.3
Development

No branches or pull requests
3 participants
@Abdull @d2phap @cela96