starred/qBittorrent
1
0
Fork 0
mirror of https://github.com/qbittorrent/qBittorrent.git synced 2026-03-02 22:57:32 -05:00
Code Issues 2.6k Projects Packages Wiki Activity

Sign the EXE files for trust #13982

New issue
Open
opened 2026-02-22 00:33:05 -05:00 by deekerman · 8 comments
deekerman commented 2026-02-22 00:33:05 -05:00
Owner
Copy link

Originally created by @clicktodev on GitHub (Nov 17, 2022).

Suggestion

Installer EXE files should be properly signed for better trust of the packages on the website.

Use case

Guarantee that the distributed binaries are generated by a trusted party.

Extra info/examples/attachments

The proper instructions are available here.

Originally created by @clicktodev on GitHub (Nov 17, 2022). ### Suggestion Installer EXE files should be properly signed for better trust of the packages on the website. ### Use case Guarantee that the distributed binaries are generated by a trusted party. ### Extra info/examples/attachments The proper instructions are available [here](https://learn.microsoft.com/en-us/windows/win32/appxpkg/how-to-sign-a-package-using-signtool).
deekerman commented 2026-02-22 00:33:10 -05:00
Author
Owner
Copy link

@stalkerok commented on GitHub (Nov 17, 2022):

https://github.com/qbittorrent/qBittorrent/issues/18022#issuecomment-1315056483

qBittorrent's installer/EXE is not signed. I think that's a requirement. It is extremely expensive and tedious to do so. (last time I checked)

@stalkerok commented on GitHub (Nov 17, 2022): https://github.com/qbittorrent/qBittorrent/issues/18022#issuecomment-1315056483 > qBittorrent's installer/EXE is not signed. I think that's a requirement. It is extremely expensive and tedious to do so. (last time I checked)
deekerman commented 2026-02-22 00:33:14 -05:00
Author
Owner
Copy link

@Balls0fSteel commented on GitHub (Nov 17, 2022):

Ugh this has been mentioned so many times. Let me just find a few existing tickets about it. I even mentioned why it's not signed. It's not trivial, it's expensive to do so (you need a software cert) and it's a tedious process.

@Balls0fSteel commented on GitHub (Nov 17, 2022): Ugh this has been mentioned so many times. Let me just find a few existing tickets about it. I even mentioned why it's not signed. It's not trivial, it's expensive to do so (you need a software cert) and it's a tedious process.
deekerman commented 2026-02-22 00:33:14 -05:00
Author
Owner
Copy link

@Balls0fSteel commented on GitHub (Nov 17, 2022):

https://github.com/qbittorrent/qBittorrent/issues/1376

I mentioned a few prices and links in there back then.

@Balls0fSteel commented on GitHub (Nov 17, 2022): https://github.com/qbittorrent/qBittorrent/issues/1376 I mentioned a few prices and links in there back then.
deekerman commented 2026-02-22 00:33:14 -05:00
Author
Owner
Copy link

@c0bw3b commented on GitHub (Feb 19, 2023):

Code signing is indeed becoming more and more important for trust in binary distribution, especially for software installed system-wide with elevated privileges.

Cost was an issue for FLOSS software but things have changed since 2014. There is now initiatives to provide code signing to open source project for free, such as SignPath:

Vim or Transmission installers are signed this way.

@c0bw3b commented on GitHub (Feb 19, 2023): Code signing is indeed becoming more and more important for trust in binary distribution, especially for software installed system-wide with elevated privileges. Cost was an issue for FLOSS software but things have changed since 2014. There is now initiatives to provide code signing to open source project for free, such as SignPath: * https://signpath.org/ * https://about.signpath.io/product/open-source Vim or Transmission installers are signed this way.
deekerman commented 2026-02-22 00:33:14 -05:00
Author
Owner
Copy link

@soredake commented on GitHub (May 10, 2023):

MSIX packages can be signed for free when published to microsoft store for example https://www.advancedinstaller.com/msix-digital-signing.html

@soredake commented on GitHub (May 10, 2023): MSIX packages can be signed for free when published to microsoft store for example https://www.advancedinstaller.com/msix-digital-signing.html
deekerman commented 2026-02-22 00:33:14 -05:00
Author
Owner
Copy link

@luzpaz commented on GitHub (May 14, 2023):

Close this as a dupe

@luzpaz commented on GitHub (May 14, 2023): Close this as a dupe
deekerman commented 2026-02-22 00:33:14 -05:00
Author
Owner
Copy link

@long76 commented on GitHub (Feb 21, 2025):

upvote this. maybe dup #17243

@long76 commented on GitHub (Feb 21, 2025): upvote this. maybe dup #17243
deekerman commented 2026-02-22 00:33:14 -05:00
Author
Owner
Copy link

@long76 commented on GitHub (Feb 21, 2025):

ping @Chocobo1 @sledgehammer999 @glassez

@long76 commented on GitHub (Feb 21, 2025): ping @Chocobo1 @sledgehammer999 @glassez
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
master
v5_2_x
v5_1_x
debian
v5_0_x
v4_6_x
v4_5_x
v4_4_x
v4_3_x
v4_2_x
v4_1_x
v4_0_x
v3_3_x
v3_2_x
v3_1_x
v3_0_x
search_encoding_windows
v2_9_x
release-5.1.4
release-5.1.3
release-5.1.2
release-5.1.1
release-5.1.0
release-5.0.5
release-5.0.4
release-5.1.0rc1
release-5.1.0beta1
release-5.0.3
release-5.0.2
release-5.0.1
release-5.0.0
release-4.6.7
release-5.0.0rc1
release-4.6.6
release-4.6.5
release-4.6.4
release-5.0.0beta1
release-4.6.3
release-4.6.2
release-4.6.1
release-4.6.0
release-4.6.0rc2
release-4.5.5
release-4.6.0rc1
release-4.6.0beta1
release-4.5.4
release-4.6.0alpha1
release-4.5.3
release-4.5.2
release-4.5.1
release-4.5.0
release-4.5.0beta1
release-4.4.5
release-4.4.4
release-4.4.3.1
release-4.4.3
release-4.4.2
release-4.4.1
release-4.4.0
release-4.3.9
release-4.4.0rc1
release-4.3.8
release-4.4.0beta3
release-4.3.7
release-4.4.0beta2
release-4.4.0beta1
release-4.3.6
release-4.3.5
release-4.3.4.1
release-4.3.4
release-4.3.3
release-4.3.2
release-4.3.1
release-4.3.0.1
release-4.3.0
release-4.2.5
release-4.2.4
release-4.2.3
release-4.2.2
release-4.2.1
release-4.2.0
release-4.1.9.1
release-4.1.9
release-4.1.8
release-4.1.7
release-4.1.6
release-4.1.5
release-4.1.4
release-4.1.3
release-4.1.2
release-4.1.1
release-4.1.0
release-4.0.4
release-4.0.3
release-4.0.2
release-4.0.1
release-4.0.0
release-3.3.16
release-3.3.15
release-3.3.14
release-3.3.13
release-3.3.12
release-3.3.11
release-3.3.10
release-3.3.9
release-3.3.8
release-3.3.7
release-3.3.6
release-3.3.5
release-3.3.4
release-3.3.3
release-3.3.2
release-3.3.1
release-3.3.0
release-3.2.5
release-3.2.4
release-3.2.3
release-3.2.2
release-3.2.1
release-3.2.0
release-3.1.12
release-3.1.11
release-3.1.10
release-3.1.9.2
release-3.1.9.1
release-3.1.9
release-3.1.8
release-3.1.7
release-3.1.6
release-3.1.5
release-3.1.4
release-3.1.3
release-3.1.2
release-3.1.1
release-3.1.0
release-3.0.11
release-3.0.10
release-3.0.9
release-3.0.8
release-3.0.7
release-3.0.6
release-3.0.5
release-3.0.4
release-3.0.3
release-3.0.2
release-3.0.1
release-3.0.0
release-2.9.11
release-2.9.10
release-2.9.9
release-2.9.8
release-2.9.7
release-2.9.6
release-2.9.5
release-2.9.4
release-2.9.3
release-2.9.0
release-2.8.5
release-2.8.4
release-2.8.3
release-2.8.2
release-2.7.1
release-2.7.0
release-2.6.9
release-2.6.8
release-2.6.7
release-2.6.5
release-2.6.4
release-2.6.3
release-2.6.2
release-2.6.1
release-2.6.0
release-2.5.5
release-2.5.4
release-2.5.3
release-2.5.2
release-2.5.0
release-2.5.0rc1
release-2.4.11
release-2.5.0beta6
release-2.5.0beta5
release-2.5.0beta3
release-2.4.10
release-2.4.8
release-2.5.0beta2
release-2.5.0beta1
release-2.4.6
release-2.4.4
release-2.4.2
release-2.4.0
release-2.4.0rc3
release-2.4.0rc1
release-2.4.0beta3
release-2.4.0beta1
release-2.3.1
release-2.3.0
release-2.3.0rc6
release-2.2.11
release-2.3.0rc5
release-2.2.10
release-2.2.9
release-2.2.8
release-2.2.6
release-2.2.5
release-2.2.3
release-2.2.2
release-2.2.1
release-2.2.0
release-2.1.6
release-2.1.4
release-2.1.2
release-2.1.1
release-2.1.0
release-2.0.7
release-2.0.6
release-2.0.5
release-2.0.3
release-2.0.2
release-2.0.0
release-2.0.0rc6
release-2.0.0rc2
release-1.5.6
release-1.5.4
release-1.5.3
release-1.5.0
release-1.5.0rc5
release-1.5.0rc4
release-1.5.0rc3
release-1.5.0rc1
release-1.5.0beta4
release-1.5.0beta3
release-1.5.0beta2
release-1.5.0beta1
release-1.4.1
release-1.4.0
release-1.4.0rc2
release-1.4.0rc1
release-1.3.5
release-1.4.0beta3
release-1.3.4
release-1.3.3
release-1.3.1
release-1.3.0
release-1.2.1
release-1.2.0rc1
release-1.2.0beta6
release-1.1.4
release-1.2.0beta5
release-1.1.3
release-1.2.0beta3
release-1.1.2
release-1.2.0beta2
release-1.1.1
release-1.2.0beta1
release-1.1.0
release-1.1.0rc2
release-1.1.0rc1
release-1.1.0beta3
release-1.1.0beta2
release-1.0.0
release-1.0.0rc11
release-1.0.0rc10
release-1.0.0rc9
release-1.0.0rc8
release-1.0.0rc7
release-1.0.0rc6
release-1.0.0rc5
release-1.0.0rc4
release-1.0.0rc3
release-0.9.3
release-0.9.2
Labels
Clear labels   
Accessibility

   
AppImage

   
Bounty

   
Build system

   
CI

   
Can't reproduce

   
Code cleanup

   
Confirmed bug

   
Confirmed bug

   
Core

   
Crash

   
Data loss

   
Discussion

   
Docker

   
Documentation

   
Duplicate

   
Feature

   
Feature request

   
Feature request

   
Feature request

   
Filters

   
Flatpak

   
GUI

   
Has workaround

   
I2P

   
Invalid

   
Libtorrent

   
Look and feel

   
Meta

   
NSIS

   
Network

   
Not an issue

   
OS: *BSD

   
OS: Linux

   
OS: Windows

   
OS: macOS

   
PPA

   
Performance

   
Project management

   
Proxy/VPN

   
Qt bugs

   
Qt6 compat

   
RSS

   
Search engine

   
Security

   
Temp folder

   
Themes

   
Translations

   
Triggers

   
Waiting diagnosis

   
Waiting info

   
Waiting upstream

   
Waiting web implementation

   
Watched folders

   
WebAPI

   
WebUI

   
autoCloseOldIssue
No labels
Accessibility
AppImage
Bounty
Build system
CI
Can't reproduce
Code cleanup
Confirmed bug
Confirmed bug
Core
Crash
Data loss
Discussion
Docker
Documentation
Duplicate
Feature
Feature request
Feature request
Feature request
Filters
Flatpak
GUI
Has workaround
I2P
Invalid
Libtorrent
Look and feel
Meta
NSIS
Network
Not an issue
OS: *BSD
OS: Linux
OS: Windows
OS: macOS
PPA
Performance
Project management
Proxy/VPN
Qt bugs
Qt6 compat
RSS
Search engine
Security
Temp folder
Themes
Translations
Triggers
Waiting diagnosis
Waiting info
Waiting upstream
Waiting web implementation
Watched folders
WebAPI
WebUI
autoCloseOldIssue
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
starred/qBittorrent#13982
No description provided.