This is a continuation of bug 2075. On that bug, we are starting to sign the Windows client installer and customizer. However, I think we should sign *all* binaries. This includes files inside the Windows client package, as well as the WTS Tools installer and files.
Note that I used the comment "ThinLinc Client" when requesting the Go Daddy certificate. The downloaded file was called Cendio-AB-ThinLinc-Client.pem. However, if you look at the actual cert, this is not visible, the subject is just:
C=SE, ST=Ostergotland, L=Linkoping, O=Cendio AB, CN=Cendio AB
So, I think it should be safe to use the same cert even for WTS Tools stuff.
Unfortunately "ThinLinc Client" is embedded in the certificate in a magical Microsoft-field. Windows will also show this text now and then.
So it seems we need another certificate for non-client stuff.
Created attachment 737 [details]
Windows SmartScreen warning when installing wts-tools
If you try to install wts-tools on Windows 10 with "SmartScreen" enabled you get a warning saying:
> Windows protected your PC
> Windows SmartScreen prevented an unrecognised application from starting.
> Running this application might put your PC at risk.
At first, the dialog only displays one button - "Don't run" but you can choose "More info" and then click "Run".
rdesktop (and associated tools) is being removed from the ThinLinc product.
This isn't just for (the now removed) WTS tools, so reopening. We'd like to sign all client binaries to avoid tampering.
When this is fixed we can re-enable our automatic test that all binaries are signed.