[python-committers] New Authenticode certificate
steve.dower at python.org
Thu Jan 21 11:40:15 EST 2016
(I forget exactly who to contact about the certificate, so I'm going
slightly more broad.)

The PSF's certificate we use to sign binaries and the installer for
Windows is a SHA-1 certificate, which has been deprecated as of the
start of the year: http://aka.ms/sha1

Already Windows may warn about the certificate on our current and past
releases, but because the signature is timestamped prior to 01Jan2016 it
will not be blocked. However, our next releases will be blocked (with a
bypass available) unless we update the certificate to SHA-2.

Some sources have suggested that CAs will provide a SHA-2 certificate
for free on request.

Supporting Windows Vista and Windows Server 2008 appears to be
complicated, according to the link I gave above. I want to test the
effect of only signing with SHA-2 on those platforms and make a
recommendation based on that, rather than trying to guess what will
happen (those OSs did not block downloaded files as aggressively as

Happy to take this off list once I know who handles this certificate.