2023-11-29, 10:07 PM
(This post was last modified: 2023-11-29, 10:09 PM by anthonylavado. Edited 1 time in total.)
I have a comment on the SmartScreen side of things. Basically, it's impossible to easily get things verified unless we spend $300+/year and build + sign only on one dedicated machine for hardware key purposes. The alternative is making the installer a file loader that downloads the package to install from the web. I'd rather continue to ship it as is, with the provided SHA256 hash for reference.
The short form - smartscreen is both code sign + reputation based, and unless you're a megacorp or the initial execution file never changes, the reputation starts at 0 for every new build.
Edit: https://github.com/jellyfin/jellyfin-ser.../issues/42
The short form - smartscreen is both code sign + reputation based, and unless you're a megacorp or the initial execution file never changes, the reputation starts at 0 for every new build.
Edit: https://github.com/jellyfin/jellyfin-ser.../issues/42