[wix-devs] missing emails

[Sean Hall]

I've been having issues lately with wix-users where emails arrive out of
order, and sometimes some emails never show up. I hadn't seen it on
wix-devs until now - I never received Jacob's email. I'm on Gmail, is
anyone else experiencing this?

On Fri, Dec 14, 2018 at 5:38 PM Heath Stewart via wix-devs <
wix-devs at lists.wixtoolset.org> wrote:

> Strong-name signing with a different key produces a different strong name.
> Any pre-built extensions loading with a different public key token will
> fail. This is why delay- and test-signing is nice in this case.
>
> Back to Authenticode-signing: do you have capabilities to dual-sign? While
> the intent of this bug is to support Device Guard which is only on Windows
> 10, DLLs will need to be dual-signed SHA1 and SHA256 to support SHA1
> verification as currently hardcoded in Burn (i.e. VerifyPayloadAgainstChain
> supports only SHA1 signing).
>
> A SHA1-only signed certificate may suffice as well, but likely will be
> illegal under FIPS compliance in a few years. That said, solving that is a
> much larger problem that’s probably beyond the scope of this change (and
> instead involves checking for the largest platform-supported BIT-length in
> such call paths).
>
>
>
> From: Hoover, Jacob<mailto:Jacob.Hoover at greenheck.com>
> Sent: Friday, December 14, 2018 9:56 AM
> To: WiX Toolset Developer Mailing List<mailto:
> wix-devs at lists.wixtoolset.org>
> Cc: Heath Stewart<mailto:heaths at outlook.com>
> Subject: RE: [wix-devs] Signing build output
>
> I am trying to find a compelling reason for this... Is the desire for
> users to add/modify the design time tools and deploy in house? If they are
> doing deployments, it's not an insurmountable task to sign and strong name
> the toolset as it sits today, and if they are modifying both design time
> and runtime libraries I would expect them to have an understanding of the
> build process.
>