Add blog post about our journey with SignPath

Author: justinclift

content/blog/2024-11-08-our-journey-with-signpath.md

@@ -0,0 +1,66 @@
+---
+title: Our journey with SignPath
+author: SeongTae Jeong
+date: '2024-11-08'
+slug: our-journey-with-signpath
+categories:
+  - db4s
+tags:
+  - signpath
+  - windows
+---
+
+# Our Journey with SignPath: Code Signing for Windows Binaries
+
+When distributing software, code signing is essential to ensure our users can trust the software they download,
+especially on an operating system like Windows that displays security warnings for unsigned software.
+
+So for us, code signing is not just an option, but a necessity to validate software binaries, prevent tampering, and
+for the convenience of our users.
+
+
+## A Little Background on This Journey
+
+It's not difficult to code sign and notarize software binaries for Apple macOS.  In fact, there's only one option.
+
+However, for Windows binaries, there are a number of companies offering code signing services at varying costs, which
+made it difficult to choose.  One of our team members learned about [SignPath](https://signpath.org),
+which provides free code signing services for FOSS projects, and it seemed like a logical choice for many reasons
+("free and seems legit"), so we contacted the SignPath team.
+
+
+## The Challenge We Faced
+
+Getting started with code signing wasn't difficult, as SignPath provided us with well-written documentation. However,
+our existing CI/CD platform - GitHub Actions - wasn't supported by SignPath, so we needed to configure a new CI
+pipeline for AppVeyor to sign and deploy our software code.
+
+We learned that SignPath was also supporting GitHub Actions in a private beta, so we asked for access, which we
+received after a few weeks.
+
+There have been some minor bugs in the integration with GitHub Actions, but after reaching out to the SignPath team 
+they were fixed within a few days.
+
+As a result, we're now successfully deploying code-signed Windows binaries to our users using our existing GitHub
+Actions.
+
+
+## Personal Impressions and Reflections
+
+We are now able to distribute code-signed Windows binaries to our users thanks to [SignPath's well-written
+documentation](https://about.signpath.io/documentation/signing-code), quick response to issues, and friendly support.
+
+We also appreciate the fact that they don't put a financial burden on FOSS projects. :D
+
+If you're looking to get your code signed for Windows binaries, I highly recommend that you consider working with the
+awesome [SignPath team](https://signpath.org/apply).
+
+Finally, a huge thanks to [the SignPath team](https://about.signpath.io/team), and also a huge thanks to the users who
+love our application. :)
+
+
+## Further information
+
+* [SignPath Code Signing for Open Source Software projects](https://signpath.org/about)
+* [SignPath Code Signing for Commercial projects](https://signpath.io/code-signing)
+* [Documentation for SignPath Code Signing](https://about.signpath.io/documentation/signing-code)

docs/blog/index.html

@@ -67,6 +67,13 @@
 
     <h2 class="archive-title">2024</h2>
 
+    <article class="archive-item">
+      <a href="/blog/our-journey-with-signpath/" class="archive-item-link">Our journey with SignPath</a>
+      <span class="archive-item-date">
+        2024-11-08
+      </span>
+    </article>
+    
     <article class="archive-item">
       <a href="/blog/version-3-13-1-released/" class="archive-item-link">Version 3.13.1 released</a>
       <span class="archive-item-date">

docs/blog/index.xml

@@ -6,7 +6,18 @@
     <description>Recent content in Blogs on DB Browser for SQLite</description>
     <generator>Hugo -- gohugo.io</generator>
     <language>en-us</language>
-    <lastBuildDate>Wed, 16 Oct 2024 00:00:00 +0000</lastBuildDate><atom:link href="/blog/index.xml" rel="self" type="application/rss+xml" />
+    <lastBuildDate>Fri, 08 Nov 2024 00:00:00 +0000</lastBuildDate><atom:link href="/blog/index.xml" rel="self" type="application/rss+xml" />
+    <item>
+      <title>Our journey with SignPath</title>
+      <link>/blog/our-journey-with-signpath/</link>
+      <pubDate>Fri, 08 Nov 2024 00:00:00 +0000</pubDate>
+      
+      <guid>/blog/our-journey-with-signpath/</guid>
+      <description>Our Journey with SignPath: Code Signing for Windows Binaries When distributing software, code signing is essential to ensure our users can trust the software they download, especially on an operating system like Windows that displays security warnings for unsigned software.
+So for us, code signing is not just an option, but a necessity to validate software binaries, prevent tampering, and for the convenience of our users.
+A Little Background on This Journey It&amp;rsquo;s not difficult to code sign and notarize software binaries for Apple macOS.</description>
+    </item>
+    
     <item>
       <title>Version 3.13.1 released</title>
       <link>/blog/version-3-13-1-released/</link>

docs/blog/our-journey-with-signpath/index.html

@@ -0,0 +1,168 @@
+<!DOCTYPE html>
+<html lang="en-us">
+  <head>
+    <meta charset="utf-8">
+<meta name="viewport" content="width=device-width, initial-scale=1.0">
+<meta name="generator" content="Hugo 0.111.3">
+
+
+<title>Our journey with SignPath - DB Browser for SQLite</title>
+<meta property="og:title" content="Our journey with SignPath - DB Browser for SQLite">
+
+
+  <link href='/favicon.ico' rel='icon' type='image/x-icon'/>
+
+
+
+  
+
+
+
+
+<link href="https://sqlitebrowser.org/index.xml" rel="alternate" type="application/rss+xml" title="DB Browser for SQLite" />
+
+
+
+<link rel="stylesheet" href="/css/fonts.css" media="all">
+
+<link rel="stylesheet" href="/css/main.css" media="all">
+
+
+
+
+
+  </head>
+  <body>
+    <div class="wrapper">
+      <header class="header">
+        <nav class="nav">
+  <a href="/" class="nav-logo">
+    <img src="/images/sqlitebrowser.svg"
+         width="50"
+         height="50"
+         alt="DB Browser for SQLite logo">
+  </a>
+  <ul class="nav-links">
+    <li><a href="/about/">About</a></li>
+    <li><a href="/dl/"><b>Download</b></a></li>
+    <li><a href="/blog/">Blog</a></li>
+    <li><a href="https://github.com/sqlitebrowser/sqlitebrowser/wiki">Docs</a></li>
+    <li><a href="https://github.com/sqlitebrowser/sqlitebrowser">GitHub</a></li>
+    <li><a href="https://gitter.im/sqlitebrowser/sqlitebrowser">Gitter</a></li>
+    <li><a href="/stats/">Stats</a></li>
+    <li><a href="https://www.patreon.com/db4s">Patreon</a></li>
+    <li><a href="https://dbhub.io">DBHub.io</a></li>
+  </ul>
+</nav>
+
+      </header>
+
+
+<main class="content" role="main">
+
+  <article class="article">
+    
+    <span class="article-duration">2 min read</span>
+    
+
+    <h1 class="article-title">Our journey with SignPath</h1>
+
+    
+    <span class="article-date">2024-11-08</span>
+    
+
+    <div class="article-content">
+      <h1 id="our-journey-with-signpath-code-signing-for-windows-binaries">Our Journey with SignPath: Code Signing for Windows Binaries</h1>
+<p>When distributing software, code signing is essential to ensure our users can trust the software they download,
+especially on an operating system like Windows that displays security warnings for unsigned software.</p>
+<p>So for us, code signing is not just an option, but a necessity to validate software binaries, prevent tampering, and
+for the convenience of our users.</p>
+<h2 id="a-little-background-on-this-journey">A Little Background on This Journey</h2>
+<p>It&rsquo;s not difficult to code sign and notarize software binaries for Apple macOS.  In fact, there&rsquo;s only one option.</p>
+<p>However, for Windows binaries, there are a number of companies offering code signing services at varying costs, which
+made it difficult to choose.  One of our team members learned about <a href="https://signpath.org">SignPath</a>,
+which provides free code signing services for FOSS projects, and it seemed like a logical choice for many reasons
+(&ldquo;free and seems legit&rdquo;), so we contacted the SignPath team.</p>
+<h2 id="the-challenge-we-faced">The Challenge We Faced</h2>
+<p>Getting started with code signing wasn&rsquo;t difficult, as SignPath provided us with well-written documentation. However,
+our existing CI/CD platform - GitHub Actions - wasn&rsquo;t supported by SignPath, so we needed to configure a new CI
+pipeline for AppVeyor to sign and deploy our software code.</p>
+<p>We learned that SignPath was also supporting GitHub Actions in a private beta, so we asked for access, which we
+received after a few weeks.</p>
+<p>There have been some minor bugs in the integration with GitHub Actions, but after reaching out to the SignPath team
+they were fixed within a few days.</p>
+<p>As a result, we&rsquo;re now successfully deploying code-signed Windows binaries to our users using our existing GitHub
+Actions.</p>
+<h2 id="personal-impressions-and-reflections">Personal Impressions and Reflections</h2>
+<p>We are now able to distribute code-signed Windows binaries to our users thanks to <a href="https://about.signpath.io/documentation/signing-code">SignPath&rsquo;s well-written
+documentation</a>, quick response to issues, and friendly support.</p>
+<p>We also appreciate the fact that they don&rsquo;t put a financial burden on FOSS projects. :D</p>
+<p>If you&rsquo;re looking to get your code signed for Windows binaries, I highly recommend that you consider working with the
+awesome <a href="https://signpath.org/apply">SignPath team</a>.</p>
+<p>Finally, a huge thanks to <a href="https://about.signpath.io/team">the SignPath team</a>, and also a huge thanks to the users who
+love our application. :)</p>
+<h2 id="further-information">Further information</h2>
+<ul>
+<li><a href="https://signpath.org/about">SignPath Code Signing for Open Source Software projects</a></li>
+<li><a href="https://signpath.io/code-signing">SignPath Code Signing for Commercial projects</a></li>
+<li><a href="https://about.signpath.io/documentation/signing-code">Documentation for SignPath Code Signing</a></li>
+</ul>
+
+    </div>
+  </article>
+
+  
+
+
+</main>
+
+      <footer class="footer">
+        <ul class="footer-links">
+            <li>
+              <a href="https://sqlitebrowser.org/index.xml" type="application/rss+xml" target="_blank">RSS feed</a>
+            </li>
+          <li>
+            <a href="https://twitter.com/sqlitebrowser" target="_blank">Twitter</a>
+          </li>
+          <li>
+            <a href="/privacy-policy">Privacy policy</a>
+          </li>
+        </ul>
+        <br />
+      </footer>
+    </div>
+    
+
+    
+
+    
+<script>
+(function(f, a, t, h, o, m){
+	a[h]=a[h]||function(){
+		(a[h].q=a[h].q||[]).push(arguments)
+	};
+	o=f.createElement('script'),
+	m=f.getElementsByTagName('script')[0];
+	o.async=1; o.src=t; o.id='fathom-script';
+	m.parentNode.insertBefore(o,m)
+})(document, window, '//stats.sqlitebrowser.org/tracker.js', 'fathom');
+fathom('set', 'siteId', 'DWUMT');
+fathom('trackPageview');
+</script>
+
+
+    
+    
+  <script src="https://utteranc.es/client.js"
+        repo="sqlitebrowser/website"
+        issue-term="pathname"
+        label="utterances"
+        theme="github-light"
+        crossorigin="anonymous"
+        async>
+</script>
+    
+    
+  </body>
+</html>
+

docs/categories/db4s/index.html

@@ -67,6 +67,13 @@
 
     <h2 class="archive-title">2024</h2>
 
+    <article class="archive-item">
+      <a href="/blog/our-journey-with-signpath/" class="archive-item-link">Our journey with SignPath</a>
+      <span class="archive-item-date">
+        2024-11-08
+      </span>
+    </article>
+    
     <article class="archive-item">
       <a href="/blog/version-3-13-1-released/" class="archive-item-link">Version 3.13.1 released</a>
       <span class="archive-item-date">

docs/categories/db4s/index.xml

@@ -6,7 +6,18 @@
     <description>Recent content in db4s on DB Browser for SQLite</description>
     <generator>Hugo -- gohugo.io</generator>
     <language>en-us</language>
-    <lastBuildDate>Wed, 16 Oct 2024 00:00:00 +0000</lastBuildDate><atom:link href="/categories/db4s/index.xml" rel="self" type="application/rss+xml" />
+    <lastBuildDate>Fri, 08 Nov 2024 00:00:00 +0000</lastBuildDate><atom:link href="/categories/db4s/index.xml" rel="self" type="application/rss+xml" />
+    <item>
+      <title>Our journey with SignPath</title>
+      <link>/blog/our-journey-with-signpath/</link>
+      <pubDate>Fri, 08 Nov 2024 00:00:00 +0000</pubDate>
+      
+      <guid>/blog/our-journey-with-signpath/</guid>
+      <description>Our Journey with SignPath: Code Signing for Windows Binaries When distributing software, code signing is essential to ensure our users can trust the software they download, especially on an operating system like Windows that displays security warnings for unsigned software.
+So for us, code signing is not just an option, but a necessity to validate software binaries, prevent tampering, and for the convenience of our users.
+A Little Background on This Journey It&amp;rsquo;s not difficult to code sign and notarize software binaries for Apple macOS.</description>
+    </item>
+    
     <item>
       <title>Version 3.13.1 released</title>
       <link>/blog/version-3-13-1-released/</link>

docs/categories/index.html

@@ -70,7 +70,7 @@ <h2 class="archive-title">2024</h2>
     <article class="archive-item">
       <a href="/categories/db4s/" class="archive-item-link">db4s</a>
       <span class="archive-item-date">
-        2024-10-16
+        2024-11-08
       </span>
     </article>
 

docs/categories/index.xml

@@ -6,11 +6,11 @@
     <description>Recent content in Categories on DB Browser for SQLite</description>
     <generator>Hugo -- gohugo.io</generator>
     <language>en-us</language>
-    <lastBuildDate>Wed, 16 Oct 2024 00:00:00 +0000</lastBuildDate><atom:link href="/categories/index.xml" rel="self" type="application/rss+xml" />
+    <lastBuildDate>Fri, 08 Nov 2024 00:00:00 +0000</lastBuildDate><atom:link href="/categories/index.xml" rel="self" type="application/rss+xml" />
     <item>
       <title>db4s</title>
       <link>/categories/db4s/</link>
-      <pubDate>Wed, 16 Oct 2024 00:00:00 +0000</pubDate>
+      <pubDate>Fri, 08 Nov 2024 00:00:00 +0000</pubDate>
 
       <guid>/categories/db4s/</guid>
       <description></description>

docs/index.html

@@ -120,6 +120,13 @@ <h2 id="windows-code-signing-policy">Windows Code-Signing Policy</h2>
 
     <h2 class="archive-title">2024</h2>
 
+    <article class="archive-item">
+      <a href="/blog/our-journey-with-signpath/" class="archive-item-link">Our journey with SignPath</a>
+      <span class="archive-item-date">
+        2024-11-08
+      </span>
+    </article>
+    
     <article class="archive-item">
       <a href="/blog/version-3-13-1-released/" class="archive-item-link">Version 3.13.1 released</a>
       <span class="archive-item-date">

docs/index.xml

@@ -6,7 +6,18 @@
     <description>Recent content on DB Browser for SQLite</description>
     <generator>Hugo -- gohugo.io</generator>
     <language>en-us</language>
-    <lastBuildDate>Wed, 16 Oct 2024 00:00:00 +0000</lastBuildDate><atom:link href="/index.xml" rel="self" type="application/rss+xml" />
+    <lastBuildDate>Fri, 08 Nov 2024 00:00:00 +0000</lastBuildDate><atom:link href="/index.xml" rel="self" type="application/rss+xml" />
+    <item>
+      <title>Our journey with SignPath</title>
+      <link>/blog/our-journey-with-signpath/</link>
+      <pubDate>Fri, 08 Nov 2024 00:00:00 +0000</pubDate>
+      
+      <guid>/blog/our-journey-with-signpath/</guid>
+      <description>Our Journey with SignPath: Code Signing for Windows Binaries When distributing software, code signing is essential to ensure our users can trust the software they download, especially on an operating system like Windows that displays security warnings for unsigned software.
+So for us, code signing is not just an option, but a necessity to validate software binaries, prevent tampering, and for the convenience of our users.
+A Little Background on This Journey It&amp;rsquo;s not difficult to code sign and notarize software binaries for Apple macOS.</description>
+    </item>
+    
     <item>
       <title>Version 3.13.1 released</title>
       <link>/blog/version-3-13-1-released/</link>