gpg4win expired code signing cert; please renew.
Werner Koch
wk at gnupg.org
Fri Oct 17 09:33:38 CEST 2025
Hi!
On Wed, 15 Oct 2025 20:53, have--- said:
> The current gpg4win code signing certificate[0] is notAfter:
> 2025-07-02 12:12:13. I wish to alert the gpg4win developers so they
> can renew it, and release gpg4win 5 (and other) packages signed with
Of course we are using a new Authenoitcode Cert. But we can't simply
resign old releases becuase this would require to entirely unpack
everything, resign the binaries, create a new installer and sign that
new installer. That is a different software then and requires a new
version.
Further: Authenticode signatures have a timestamp and thus you have
assurance when they were issued.
Gpg4win 5.0 is not too far away.
Salam-Shalom,
Werner
--
The pioneers of a warless world are the youth that
refuse military service. - A. Einstein
-------------- next part --------------
A non-text attachment was scrubbed...
Name: openpgp-digital-signature.asc
Type: application/pgp-signature
Size: 284 bytes
Desc: not available
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20251017/f09c5e01/attachment.sig>
More information about the Gnupg-users
mailing list