[Pidgin] Are the packages signed modified

Pidgin trac at pidgin.im
Wed Oct 31 17:28:20 EDT 2018


Page "Are the packages signed" was changed by EionRobb
Diff URL: <https://developer.pidgin.im/wiki/Are%20the%20packages%20signed?action=diff&version=12>
Revision 12
Changes:
-------8<------8<------8<------8<------8<------8<------8<------8<--------
Index: Are the packages signed
=========================================================================
--- Are the packages signed (version: 11)
+++ Are the packages signed (version: 12)
@@ -33,12 +33,13 @@
 
 === Windows Installers ===
 As of Pidgin 2.10.7, the various Windows binaries are signed in two ways.
- * the installers and `pidgin.exe` are signed using the [http://msdn.microsoft.com/en-us/library/ms537361(v=vs.85).aspx Microsoft Authenticode] signing mechanism by Daniel Atallah using a certificate with a thumbprint of one of the following:
-  * Pidgin 2.11.0+: `d3ad05e6a0dd4b777829b84cf8e371181acd04a7`
+ * the installers and `pidgin.exe` are signed using the [http://msdn.microsoft.com/en-us/library/ms537361(v=vs.85).aspx Microsoft Authenticode] signing mechanism by Daniel Atallah or Eion Robb using a certificate with a thumbprint of one of the following:
+  * Pidgin 2.13.0+: `a8f1e30ca0a49e2d393a55c79715854490425503`
+  * Pidgin 2.11.0 - 2.12.0: `d3ad05e6a0dd4b777829b84cf8e371181acd04a7`
   * Pidgin 2.10.10 - 2.10.12: `45b37f151a113d5070036421370813b9fba5cb13`
   * Pidgin 2.10.7 - 2.10.9: `C5476901C3C63FABF54CEBA9E3F887932A9579B5`
-  * Note that since 2.10.10, these signatures use the SHA-256 algorithm, which Windows XP doesn't support (you can still use GPG to validate the package)
- * all distributed packages (installers, debug symbols, binary zip file, gtk bundle zip file) are signed with [http://www.gnupg.org/ GPG] by Daniel Atallah (`DE890574`).
+  * Note that since 2.10.10, these signatures may use the SHA-256 algorithm, which Windows XP doesn't support (you can still use GPG to validate the package)
+ * all distributed packages (installers, debug symbols, binary zip file, gtk bundle zip file) are signed with [http://www.gnupg.org/ GPG] by Daniel Atallah (`DE890574`) or Eion Robb (`BC6F79B6`).
 
 The authenticode signature can be verified most easily by using Windows Explorer to look at the Properties of the installer executable.
 In the "Digital Signatures" tab, you can look at the Details of the signature, "View Certificate", and compare the (case-insensitive, whitespace-insensitive) "Thumbprint" value in the "Details" tab to the value listed above.
-------8<------8<------8<------8<------8<------8<------8<------8<--------

--
Page URL: <https://developer.pidgin.im/wiki/Are%20the%20packages%20signed>
Pidgin <https://pidgin.im>
Pidgin

This is an automated message. Someone added your email address to be
notified of changes on 'Are the packages signed' page.
If it was not you, please report to datallah at pidgin.im.


More information about the Wikiedit mailing list