tokyobreakfast 6 hours ago

Does the 7-Zip author still refuse to digitally sign or even provide hashes of the official downloads? It's an extremely weird flex, he thinks it's a frivolous waste of time or something.

reddalo 6 hours ago

I migrated from 7-Zip to NanaZip, a fork with modern Windows features that the original developer refuses to implement.

https://github.com/M2Team/NanaZip

baal80spam 6 hours ago

Whenever I see "modern Windows experience", it always turns out to be worse than the original one.

margalabargala 4 hours ago

I take your point, and usually you're right, but in this case "modern features" includes things like having an "extract" button show up when you right click an archive file in Explorer.

fuzzy2 an hour ago

You can have that, and in an even better way: Simply disable the blight that is Windows 11 context menus and go back to real context menus.

I’m not even joking, they are basically superior in every way. They open faster, they have only one visual axis and they support all the shell extensions you remember. (Too many shell extensions could make them just as slow though.)

deltastone 5 hours ago

I would agree normally, but this one is a nice change and upgrade, actually.

dlcarrier 4 hours ago

Well yeah, it says "modern" not "better".

Modern Windows and OS X and Android and iOS are all worse than the old ones.

Already__Taken 4 hours ago

No update for a year for something that opens weird files from the internet is a little scary, even just dependency changes. Not that 7-Zip was ever any better at that.

TiredOfLife 3 hours ago

Windows 11 has 7-Zip support built in.

blibble 5 hours ago

modern windows features?

I imagine an electron rewrite, with DirectX 12 and Copilot buttons everywhere

jsheard 6 hours ago

He's always been an odd one, for a long time he refused to enable even basic hardening features like ASLR and DEP because they made the executables slightly larger. He eventually relented on some of those, but last I heard the more advanced mitigations like HE-ASLR, CFG and GS were still disabled.

giancarlostoro 6 hours ago

Do people even double check installers are digitally signed? There's so much open source stuff out there that is not digitally signed, most people might not even notice.

tokyobreakfast 6 hours ago

Windows has displayed a big scary orange prompt for at least the last decade when it isn't. More like 15-20 years IIRC.

But I'm sure people blindly click through the "Unknown author" prompt just as they would ignore a certificate error.

giancarlostoro 6 hours ago

Like I said, there's a LOT of open source projects that show that prompt. Signing an MSI involves having a valid CA certificate, which AFAIK is not free, and goes beyond the budget of most projects.

tokyobreakfast 6 hours ago

It's not free but it's not expensive either. Most well known Windows open source projects have them; e.g. PuTTY, WireGuard, VLC, Rufus, etc.

Maybe it's high time for a free-as-in-beer CA for non-profit open source developers funded by donations?

Edit: I was wrong.

Prices on code signing certificates have skyrocketed to in excess of $500/year, due in part to continuing meddling by the CA/B forum which increased the requirements of standard certs to be the same as EV certs, and requiring the key to be stored in a hardware token—which must now be re-issued yearly.

This makes it near impossible to provide free or affordable certificates to developers. Thanks CA/B forum, lots of help as usual.

JohnTHaller 3 hours ago

We're up for renewal with PortableApps.com. The same one year non-EV code signing certificate with a USB token that was US$246 last year is now US$434 from GlobalSign. The lower prices you see some places are for 2+ years.

Note that the certificate itself is only for 1 year regardless of how long you buy one for and you need to go through the renewal process each year just without payment.

rustyhancock 6 hours ago

Orange? It's a blue warning isn't it? Is this how one of us finds out he's colour blind?

fuzzy2 6 hours ago

The UAC dialog for unsigned software has an orange or yellow accent. You could be talking about the SmartScreen dialog. There's yet another dialog for executable files downloaded from the internet, which I think has a red shield for unsigned software.

tokyobreakfast 6 hours ago

Blue when it has a valid signature.

Orange when it's missing or invalid.

ozim 5 hours ago

I use winget or homebrew, those tools do so for me and if something doesn't match they show an error.

fuzzy2 an hour ago

Neither WinGet nor Homebrew packages/formulae provide authenticity checks. They have integrity checks for file transfer. That’s it. Where did the file come from when it was entered into the respective repository? No statement.

Whether Authenticode provides a sufficient authenticity check is yet another question, of course. Still, file integrity verification is just a side-effect.
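
The distinction the thread ends on, a pinned hash (integrity) versus a publisher signature (authenticity), as an added PowerShell example that is not part of any comment above. `Test-Installer`, the sample path, hash and publisher pattern are hypothetical placeholders; `Get-FileHash` and `Get-AuthenticodeSignature` are the standard cmdlets.

```powershell
# Added example. Function name, path, hash and publisher pattern are placeholders.
function Test-Installer {
    param(
        [Parameter(Mandatory)] [string] $Path,
        # Hash pinned by whoever published the download link or package manifest.
        [Parameter(Mandatory)] [string] $ExpectedSha256,
        # Optional wildcard for the publisher you expect, e.g. 'CN=Example Publisher*'.
        [string] $ExpectedSignerSubject
    )

    # Integrity: the bytes on disk are the bytes the hash was computed over.
    # This says nothing about who produced those bytes in the first place.
    $actual = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
    $hashOk = $actual -eq $ExpectedSha256      # string -eq is case-insensitive

    # Authenticity: an Authenticode signature that validates against the
    # local trust store and names a publisher certificate.
    $sig    = Get-AuthenticodeSignature -LiteralPath $Path
    $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
    $signerOk = ($sig.Status -eq 'Valid') -and
                (-not $ExpectedSignerSubject -or $signer -like $ExpectedSignerSubject)

    $verdict =
        if (-not $hashOk)                  { 'Integrity failure: file differs from the pinned hash' }
        elseif ($sig.Status -eq 'NotSigned') { 'Integrity only: hash matches, no publisher identity' }
        elseif ($sig.Status -ne 'Valid')   { "Signature present but not valid ($($sig.Status))" }
        elseif (-not $signerOk)            { 'Validly signed, but by an unexpected publisher' }
        else                               { 'Hash matches and signature is valid' }

    [pscustomobject]@{
        HashMatches     = $hashOk
        SignatureStatus = $sig.Status
        Signer          = $signer
        SignerMatches   = $signerOk
        Verdict         = $verdict
    }
}

# Usage (placeholder values):
# Test-Installer -Path .\installer.exe -ExpectedSha256 '<PINNED-SHA256>' `
#     -ExpectedSignerSubject 'CN=Example Publisher*'
```

An unsigned installer that matches its pinned hash returns "Integrity only", which is the case the last comment describes: the download was not altered in transit, but nothing ties it to a publisher.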