Hi Morgan,
Am 23.07.25 um 21:41 schrieb Clark, Morgan:
Hi, thanks for writing back. I'm not a Windows developer, but I think what we need is something like the description athttps://stackoverflow.com/questions/252226/signing-a-windows-exe-file. Use SignTool.exe (from the Windows SDK) to apply a certificate to the .exe, probably after using MakeCert.exe (also from the Windows SDK) to create that self-signed certificate.
This makes no sense at all. If you're running a locked-down environment where only signed executables are allowed (which is a sensible thing to do), a self-signed certificate won't help you, because it doesn't have a trust chain down to a root certificate that your systems know and trust.
If you decide to trust self-signed certificates in such an environment, bypassing the entire trust chain, you can just stop locking down the environment and save yourself the time and effort - you've just bypassed all the security gains the setup was supposed to bring.
In fact, you could probably generate such a signature yourself and no one in your environment would notice it was you if you're really allowing self-signed certs (again, setting up your enviroment that way is *THE TOTAL OPPOSITE OF SMART*).
If that's what Dell is allowing internally, then our reply is: Sorry, we do not cater to corporate stupidity. You have all the tools needed to shoot yourself in the foot available to yourself, we don't want to be a part of it.
If, on the other hand, you wanted to do it the proper way, the one that would actually improve security, with an official certificate, you'd offer to support the X2Go project financially (not just once, but in an ongoing fashion) so we could afford getting the required infrastructure in place, jump through all the required hoops to get an official signing certificate, etc.
However, given the low amount of active volunteers and the fact that the project has been underfunded for several years now (if you browse our donation pages, you will see unfulfilled needs going back to summer 2024, with an open amount over 3 700 EUR in total), I doubt this is going to happen soon. We just have more pressing needs to worry about at the moment - basically, "keeping the lights on".
We keep getting requests both on- and off-list from companies that we should do this and that for them, but when we mention that we need funding to add new features and fix bugs, the responses range from insults like "F--- you, I'll just use $RANDOM_OTHER_SOFTWARE instead" (of course, in the uncensored form) and "how dare you, you claim to be a free software project so you have to work for us for free, too" to "oh, nevermind, I was just asking".
Now, if Dell suddenly had a change of heart and wants to support us financially, we sure as hell won't say no. But the past experience we've had with your employer wasn't exactly stellar (when we asked for tech support for two Dell-made devices that were bought together, but wouldn't play nicely with each other, we were basically told to either use Dell's own operating systen instead of our own X2Go ThinClient image or get lost), so I'm definitely not getting my hopes up.
[...]
Internal Use - Confidential
You can tag your E-Mails Internal and Confidential as much as you like, this is a public mailing list, and thus can be read and archived by anyone. You agreed to our terms and conditions when you signed up - no amount of after-the-fact legalese will change that.
Kind Regards, Stefan Baur
-- BAUR-ITCS UG (haftungsbeschränkt) Geschäftsführer: Stefan Baur Eichenäckerweg 10, 89081 Ulm | Registergericht Ulm, HRB 724364 Fon/Fax 0731 40 34 66-36/-35 | USt-IdNr.: DE268653243