
Ask HN: Why isn't rust-up signed for Windows? The message will scare away users - fortran77
I wanted to get started with Rust and Windows popped up three different warning messages about it being unsigned. Is it safe? Why didn&#x27;t the author sign it?<p>https:&#x2F;&#x2F;i.imgur.com&#x2F;DfIEARa.png
======
jdonald
> Why didn't the author sign it?

Discussed here: [https://github.com/rust-
lang/rustup.rs/issues/1568](https://github.com/rust-
lang/rustup.rs/issues/1568)

It boils down to that the authors have not gotten around to it and are not
experts on Authenticode. Apparently the macOS binary is also not signed, so at
least Windows isn't being singled out.

To validate your binary you can use the SHA256 checksum that someone posted in
the issue two days ago.

~~~
fortran77
Thanks.

Are there people on the team that don't like or care about those running
anything other than Linux (whose users will download and run anything!)? Or is
this simply laziness?

~~~
jdonald
I would assume positive intent. There are some answers to give perspective if
you read further down in the ticket, like this one:

\-----------------

kinnison commented on Jun 6

We _do_ care we care greatly. Sadly while we have someone volunteering to help
us with sorting out code-signing, it is a complex logistical problem because
there's not (yet) a mechanism in place for the project to hold a legal entity
to be identified by the certificates.

