Re: Microsoft Smart App Control - Git - git-bash.exe File Unsigned

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 2023-10-05 at 20:41:39, Rolland Swing (Insight Global LLC) wrote:
> Hi Git Team,

Hey,

> We're part of the Microsoft team that owns Smart App Control (https://learn.microsoft.com/en-us/windows/apps/develop/smart-app-control/overview), which requires applications to sign all of their executable files (exe, dll, msi, tmp, and a few other file formats).
>  
> We found during internal testing and/or from user feedback that your app, git-bash.exe, is not correctly signed. 
> 
> Block Event:   FileName: \Device\HarddiskVolume7\Program Files\Git\git-bash.exe
>   Calling Process: \Device\HarddiskVolume7\Windows\explorer.exe
>   Sha256 Hash: 42F2E685686FB6356A195709AF912C7B9D424466BD7C6D69258AADA5E80AC3C2 

The Git project doesn't distribute any binaries at all.  We distribute
only source code.  Many distributors compile these to produce binaries.

The project you are probably thinking of is Git for Windows, which,
while related, is a separate project.  They do indeed distribute
binaries, and this looks like a binary that's theirs.  If you'd like to
contact them, you can use their issue tracker
(https://github.com/git-for-windows/git/issues) to inquire.

However, I will note that a cursory search there found
https://github.com/git-for-windows/git/issues/798, where the maintainer
points out that there are over 400 exe files and 250 dll files, which
would make signing them all excessively burdensome.  I expect the
upcoming requirements for HSM-backed keys for Windows code signing may
make that even slower and more burdensome.  That being said, perhaps
with automation, the maintainer may feel differently than they did in
2016, so it might be worth asking again.
-- 
brian m. carlson (he/him or they/them)
Toronto, Ontario, CA

Attachment: signature.asc
Description: PGP signature


[Index of Archives]     [Linux Kernel Development]     [Gcc Help]     [IETF Annouce]     [DCCP]     [Netdev]     [Networking]     [Security]     [V4L]     [Bugtraq]     [Yosemite]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux SCSI]     [Fedora Users]

  Powered by Linux