some users complained, that Windows Defender SmartScreen prevents the seafile client app to be installed, because the binary is not signed and therefore a risk. Of course, one can ignore the warning and continue the installation. Any opinions on that?
Both Seafile Client and SeaDrive are signed.
This is what I get when I try to install the client on a Windows 10 machine.
On the Details tab I find:
File is not signed
although is says “signed” in the header. Hmmm, …
Ah, in the header is also a tag “invalid-signature”. That might be an explanation.
The certificate of the timestamping server expired at the end of mai.
We’ll look into the issue.
That’s because the package is broken. We have made a new package and updated the download link. Please try again.
Now, it also displays “invalid-signature”. Not sure whether that one was added in the meantime, or I just missed it.
For the new version the signature is valid, again. It would have been more transparent to just release it as 7.0.9, though.
Compared with older versions the timestamp is using sha-384 instead of sha1 which also is a significant improvement.
The current code signing certificate of Seafile Ltd. is valid till 03/18/2021 and the timestamp servers certificate until 08/01/2030.
It was simply a packaging issue. The package was somehow damaged. The certificates are all valid.
No, the timestamping server certificate was invalid at the time the first 7.0.8 version was released.