SMAPI - Stardew Modding API

SMAPI - Stardew Modding API

971k Downloads

Look into code signing

Pathoschild opened this issue · 3 comments

commented

Consider code-signing SMAPI releases to reduce antivirus false positives.

commented

I'll go with KSoftware. A quick review of the main candidates per discussion with @vaindil:

  • DigiCert is 'as low as' $178/year, which is pretty expensive. They allow unlimited reissues, but that's not necessary since I have careful backups.
  • Certum is only €28.00/year (plus one-time kit purchase), but it's tied to a physical device which I'd rather not manage.
  • KSoftware is $84/year, with discounts for longer terms. Pricier than Certum, but no physical device to manage. They have good reviews online.

Note that this only applies to Windows. Linux is generally opposed to code signing (see [1] [2] [3]). Mac has code signing, but it doesn't seem to have much relevance (and I'd need to figure out how to do it from Linux).

commented

Certificate ordered from KSoftware, pending verification from Comodo.

commented

Ideally SMAPI should use a code-signing certificate that Linux/Mac/Windows will recognise by default, and isn't too expensive. Some options: