[issue28402] Add signed catalog files for stdlib on Windows

Steve Dower report at bugs.python.org
Sun Oct 9 23:17:50 EDT 2016


New submission from Steve Dower:

On Windows, we sign all binaries with the PSF code signing certificate.

We can also sign all the standard library and tools .py files using a catalog, which will put the hashes of the original files into a signed bundle. This can then be validated by users (e.g. using "signtool.exe verify") at any point after installation. Worth noting that the OS does not automatically verify signatures in a catalog file.

It's only worthwhile doing this for files that may end up on a production machine - essentially, those files included in lib.msi and tools.msi (not test.msi, dev.msi or tcltk.msi).

----------
assignee: steve.dower
components: Windows
messages: 278400
nosy: paul.moore, steve.dower, tim.golden, zach.ware
priority: normal
severity: normal
status: open
title: Add signed catalog files for stdlib on Windows
type: enhancement
versions: Python 3.6, Python 3.7

_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue28402>
_______________________________________
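
The post-installation check described in the message above could be scripted as follows. This is an added example, not part of the original message or of CPython's tooling: the install directory and catalog file name are placeholders, signtool.exe (Windows SDK) is assumed to be on PATH, and skipping site-packages is an assumption about which files such a catalog would cover.

```powershell
# Added example: verify installed stdlib .py files against a signed catalog.
# Both paths are placeholders; the message does not name the catalog file.
$InstallDir = 'C:\PLACEHOLDER\Python'
$Catalog    = Join-Path $InstallDir 'PLACEHOLDER.cat'
$SignTool   = 'signtool.exe'   # assumed to be on PATH (Windows SDK)

# Step 1: the catalog itself must carry a valid signature. The OS does not
# check this automatically, so a swapped-in unsigned catalog must fail here.
# /v prints the signing chain so the signer can be compared with the PSF cert.
& $SignTool verify /pa /v $Catalog
if ($LASTEXITCODE -ne 0) {
    throw "Catalog signature is not valid: $Catalog"
}

# Step 2: check every .py file under Lib against the catalog hashes.
$libDir = Join-Path $InstallDir 'Lib'
$failed = foreach ($file in Get-ChildItem -Path $libDir -Recurse -Filter *.py -File) {
    # Assumption: third-party packages are not covered by the catalog.
    if ($file.FullName -like '*\site-packages\*') { continue }

    # /c names the catalog to check against; /q suppresses per-file output.
    & $SignTool verify /pa /q /c $Catalog $file.FullName *> $null
    if ($LASTEXITCODE -ne 0) { $file.FullName }
}

# Step 3: report. A failure means the file was modified after installation
# or was never listed in the catalog; both deserve a look.
if ($failed) {
    Write-Warning "$(@($failed).Count) file(s) failed catalog verification:"
    $failed | ForEach-Object { Write-Warning "  $_" }
    exit 1
}
Write-Output "All checked files match $Catalog"
```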

