archive/blender-buildbot
Archived
1
0
Fork 0
Code Issues 3 Pull Requests Projects Releases Wiki Activity

Do not expose MSIX on our servers/builder page #95218

New Issue
Open
opened 2022-01-26 11:42:45 +01:00 by Björn Eckhardt · 8 comments
Björn Eckhardt commented 2022-01-26 11:42:45 +01:00
Copy Link

The MSIX is not signed.
Once they hit the Windows Store, they will get signed though.
So the issue is really that we are exposing these on the builder download page [and the blender.org download page as well].
(reason for that being current automation).

note: even with signed MSI you MIGHT see a warning. This is because we don't have extended verification (EV) certificate, so until reasonable amount of people trust the build they'll see warning.

If users download and try to install these unsigned packages, they will report something like:

Original report: 3.0.1 not Trustworthy

I just downloaded the
Blender 3.0.1 - Stable
January 26, 03:46:40 - dc2d18018171 - msix - 250.27MB
x64 from blender.org

but I got a "not trustworthy" note. I thought you should know :-)

BlenderUnsafe.JPG

System Information
Operating system: Windows-10-10.0.19043-SP0 64 Bits
Graphics card: NVIDIA GeForce GTX 1080 Ti/PCIe/SSE2 NVIDIA Corporation 4.5.0 NVIDIA 496.49

The MSIX is not signed. Once they hit the Windows Store, they will get signed though. So the issue is really that we are exposing these on the builder download page [and the blender.org download page as well]. (reason for that being current automation). note: even with signed MSI you MIGHT see a warning. This is because we don't have extended verification (EV) certificate, so until reasonable amount of people trust the build they'll see warning. If users download and try to install these unsigned packages, they will report something like: **Original report: 3.0.1 not Trustworthy** I just downloaded the Blender 3.0.1 - Stable January 26, 03:46:40 - dc2d18018171 - msix - 250.27MB x64 from blender.org but I got a "not trustworthy" note. I thought you should know :-) ![BlenderUnsafe.JPG](https://archive.blender.org/developer/F12824997/BlenderUnsafe.JPG) **System Information** Operating system: Windows-10-10.0.19043-SP0 64 Bits Graphics card: NVIDIA GeForce GTX 1080 Ti/PCIe/SSE2 NVIDIA Corporation 4.5.0 NVIDIA 496.49
Björn Eckhardt commented 2022-01-26 11:42:45 +01:00
Author
Copy Link

Added subscriber: @BjornEckhardt

Added subscriber: @BjornEckhardt
Philipp Oeser commented 2022-01-26 11:46:47 +01:00
Copy Link

Added subscriber: @lichtwerk

Added subscriber: @lichtwerk
Philipp Oeser commented 2022-01-26 11:46:47 +01:00
Copy Link

Thx noting, checking with others...

Thx noting, checking with others...
Philipp Oeser commented 2022-01-26 12:31:58 +01:00
Copy Link

Changed status from 'Needs Triage' to: 'Confirmed'

Changed status from 'Needs Triage' to: 'Confirmed'
Philipp Oeser commented 2022-01-26 12:31:58 +01:00
Copy Link

The MSIX is indeed not signed.
Once they hit the Windows Store, they will get signed though.
So the issue is really that we are exposing this on the builder download page [and the blender.org download page as well].
(reason for that being current automation).

So will keep this task (thx reporting!) and make this a TODO aiming at not exposing MSIX on our servers/builder page.

The MSIX is indeed not signed. Once they hit the Windows Store, they will get signed though. So the issue is really that we are exposing this on the builder download page [and the blender.org download page as well]. (reason for that being current automation). So will keep this task (thx reporting!) and make this a TODO aiming at not exposing MSIX on our servers/builder page.
Philipp Oeser changed title from 3.0.1 not Trustworthy to Do not expose MSIX and MSI on our servers/builder page 2022-01-26 12:35:11 +01:00
Philipp Oeser commented 2022-01-26 12:49:48 +01:00
Copy Link

Added subscribers: @Sergey, @brecht

Added subscribers: @Sergey, @brecht
Brecht Van Lommel commented 2022-01-26 13:28:34 +01:00
Copy Link

The MSI is signed, but this report was about MSIX which is indeed not signed and could be hidden.

The MSI is signed, but this report was about MSIX which is indeed not signed and could be hidden.
Philipp Oeser changed title from Do not expose MSIX and MSI on our servers/builder page to Do not expose MSIX on our servers/builder page 2022-01-26 13:30:43 +01:00
Philipp Oeser commented 2022-01-26 13:31:45 +01:00
Copy Link

In #95218#1295274, @brecht wrote:
The MSI is signed, but this report was about MSIX which is indeed not signed and could be hidden.

Thx noting, changed task description now

> In #95218#1295274, @brecht wrote: > The MSI is signed, but this report was about MSIX which is indeed not signed and could be hidden. Thx noting, changed task description now
This repo is archived. You cannot comment on issues.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
Priority::Low
Priority::Normal
Priority::Unbreak Now!
Status::Archived
Status::Confirmed
Status::Duplicate
Status::Needs Information from Developers
Status::Needs Triage
Status::Resolved
Type::Bug
Type::Report
Type::To Do
legacy module
Development Management
legacy module
Platforms, Builds, Tests & Devices
legacy module
Python API
legacy module
Rendering & Cycles
legacy project
3.3
legacy project
Development Management
legacy project
Documentation
legacy project
Infrastructure: Blender Buildbot
legacy project
Infrastructure: Websites
legacy project
Platform: Windows
legacy project
Platform: macOS
legacy project
Platforms, Builds, Tests & Devices
legacy project
Python API
legacy project
Render & Cycles
No Label
Priority::Normal
Status::Confirmed
Type::To Do
legacy project
Infrastructure: Blender Buildbot
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
blender-admin
No Assignees
3 Participants
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: archive/blender-buildbot#95218
No description provided.
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?