Code Signing

[joeraz]

Regarding the recurring issue with the antivirus false positives, I've realized there's only one way to truly resolve it: code signing. Having a signed app would reduce the chances of those false positives, but getting a code signing certificate requires a paid subscription. As this is an open source project with zero budget, that is not practical (and frankly, feels like a scam).

I've recently learned about SignPath, who are willing to offer code signing certificates for open source projects (https://about.signpath.io/product/open-source). I've reached out and confirmed they're free, though the terms and conditions (at https://github.com/SignPath/Website-old/blob/v2/src/drafts/oss_policy.md) suggest we might need to make some logistics/organizational changes to the project to do this.

[THEtomaso]

Strange enough, with the release of v3.4.0, Avast no longer flagged the Windows installers as malware.
..but with v3.4.1, the warning returned!
Subtle compiling differences perhaps?

[joeraz]

The challenge is that they typically mark the versions as false positives when reported. The newer versions aren't always covered by the same detection.