Google safe browsing blocks site

[F1RMB]

The location has changed, see viewtopic.php?f=12&t=3514

[SA0BUX]

The link doesn't go to anything anymore.

Use downloads/PC_CPS/Latest/

[KC7RBW]

Software signing costs at least $1000 per year, and may not prevent these false positives.

If the code were under open source licenses, you could sign your code for as little as €49.00.
https://shop.certum.eu/open-source-code ... ysign.html

Without an open source license, it's closer to €379 for 3 years (€127/year).
https://shop.certum.eu/standard-code-si ... cloud.html

I'm not advertising for Certnum, they just seemed to be the cheapest option for this. Used to be free for open source. Comodo claims to be the cheapest, but looks to be more expensive than Certnum to me.

In any case, definitely not $1000, which I admit would be a harder pill to swallow.
I'd put up €379 myself. Or you could setup Patreon or something.

Or you could apply for an ARDC grant and see where that goes. They have a lot of funding from the sale of IPv4 blocks, and a mandate to see it spent on projects that benefit amateur radio.
https://www.ardc.net/apply/

[F1RMB]

Maybe you forgot the history of the CPS.

[KC7RBW]

I did not forget its history. I'm aware that means it can't be under an open source license. That's why I added cheaper options for non open source software.

Or are you implying that its provenance might be a reason not to sign it?

[VK3KYY]

I did not forget its history. I'm aware that means it can't be under an open source license. That's why I added cheaper options for non open source software.

Or are you implying that its provenance might be a reason not to sign it?

There are a myriad of reasons why this is impractical

1. Just code signing will not guarantee that the application is not blacklisted by various antivirus programs. e.g. Some may not accept the certificate some may ignore the certificate.

2. The process of being blocked my Google safe browsing seems somewhat opaque. It looks like anyone can report a site as containing malware.
https://safebrowsing.google.com/safebro ... are/?hl=en
Although Google claim they scan looking for malware, its not clear when and how they do this. They never seem to re-scan to check if "malware" still exist, i.e the old link is now an empty folder and is still blocked by google months after all the files were moved.

3. If someone reports something as malware, there does not seem to be a documented process to object. This is somewhat like Google's approache to DCMA requests, e.g. the recent case where a browser app keeps getting DCMA takedowns from companies representing film companies, even though the browser app does not contain any illegal content.
The writer of the app seems to have needed to go to the press to get their situation highlighted before Google will eventually un-blacklist it again.

Given this is a very minority use exe, its going to be very hard to get Google to unblacklist it, if someone again submits a malware report.

4. Looking at the requirements to code signing, you would need to provide personal identification documents to that company.

https://support.certum.eu/en/code-signi ... documents/

Given that I have now been involved in at least 3 major identity details breaches in the last 2 years, including needing to have my drivers license replaced.

I no longer give my identity documents to any organisation unless required by law to do so.

PS. Facebook required me to give them my passport scan a few years ago, which I also declined to do, hence I am no longer on any Meta social media platforms.