[python-committers] New Authenticode certificate

M.-A. Lemburg mal at egenix.com
Thu Jan 21 13:31:46 EST 2016

On 21.01.2016 17:40, Steve Dower wrote:
> (I forget exactly who to contact about the certificate, so I'm going slightly more broad.)
> The PSF's certificate we use to sign binaries and the installer for Windows is a SHA-1 certificate,
> which has been deprecated as of the start of the year: http://aka.ms/sha1
> Already Windows may warn about the certificate on our current and past releases, but because the
> signature is timestamped prior to 01Jan2016 it will not be blocked. However, our next releases will
> be blocked (with a bypass available) unless we update the certificate to SHA-2.
> Some sources have suggested that CAs will provide a SHA-2 certificate for free on request.
> Supporting Windows Vista and Windows Server 2008 appears to be complicated, according to the link I
> gave above. I want to test the effect of only signing with SHA-2 on those platforms and make a
> recommendation based on that, rather than trying to guess what will happen (those OSs did not block
> downloaded files as aggressively as Windows 7+).
> Happy to take this off list once I know who handles this certificate.

I'm the one who handles the PSF StartSSL account and yes,
they also do code signing certificates.

I'd suggest to take this offlist.

Marc-Andre Lemburg

Professional Python Services directly from the Experts (#1, Jan 21 2016)
>>> Python Projects, Coaching and Consulting ...  http://www.egenix.com/
>>> Python Database Interfaces ...           http://products.egenix.com/
>>> Plone/Zope Database Interfaces ...           http://zope.egenix.com/

::: We implement business ideas - efficiently in both time and costs :::

   eGenix.com Software, Skills and Services GmbH  Pastor-Loeh-Str.48
    D-40764 Langenfeld, Germany. CEO Dipl.-Math. Marc-Andre Lemburg
           Registered at Amtsgericht Duesseldorf: HRB 46611

More information about the python-committers mailing list