DIfficult to install Slicer because the installer is not signed

It is getting more and more difficult to install Slicer’s unsigned installation package.

On Windows, the user has to click through a series of dialog boxes explaining how unsafe this downloaded application is and recently SmartFilter scans started to take several minutes (the user just waiting for the SmartFilter dialog to go away, it’s not clear what’s happening).

The situation is getting worse on Mac, too, as reported by @Fedorov here: Multiple startup errors and no SimpleITK in May 1 nightly on mac.

@jcfr you worked on this in the past, can you summarize how far you got and what would need to be done to get the installation packages signed?

windows

it is quite “straight forward” to sign the installer at least, see Documentation/Nightly/Developers/Windows Code Signing - Slicer Wiki

We have available certificate(s) (we already use them for signing the stable release). I will check internally how we can automate signing of the nightly installers.

MacOSX,

We also have the process documented here: Documentation/Nightly/Developers/Mac OS X Code Signing - Slicer Wiki

For this one, we need to update the packaging system to be more closely integrated with the signing process.

Also, we have certificate available (we are member of the developer program). I will check internally and report back with a timeline.

Thanks for the information, it sounds very promising!

To follow up on this, internally at Kitware we are currently discussing how to solve the issue across our platforms. While I don’t yet have a timeline, I can tell that we are making progress.

The idea will be to have decoupled components including “signing systems” (e.g windows system for installer signing, MacOSX system for dmg signing, Linux based GPG signing for source distribution, …) and a “distributions depot” system (probably an internal SFTP server).