On Monday, 15 August 2016 at 23:58:01 UTC, Mike Parker wrote:
> On Monday, 15 August 2016 at 20:43:59 UTC, Basile B. wrote:
>
>> It's not trolling (unless you define trolling as "everything that goes againt my position"), I just exposed my arguments. I'm afraid to see people overreacting in front of a minor and temporary problem. It seems that 3 or 4 posts are considered enough to act but you (the "pro-certificate-ppl") do not try to see why 3 or 4 posts could be "not enough"), i.e you are biased. You are about to act just because of what's happening right now.
>
> Is there some threshold for a bug report to be considered actionable? Aside from that, given that a small percentage of D users actually post in the forums, four posts on the same issue is something that ought to be taken as a problem. There's no way to know how many have encountered it and just decided to go elsewhere. It's not about being "pro-certificate", but about solving a problem that's potentially damaging to the perception of D.

Ok ok ok. It's been something like three hours I've been thinking to this.
Clearly I've exposed my **own POV** about some stuff I don't like about what Windows is becoming. But for the good of everybody (i.e I forget my own little griefs) that would be certainly nice to have a certificate for the D fundation. But it won't change the fact that once setup quitely thanks to the certificate...the language and standard libraries issues are still there ;)

On Monday, 15 August 2016 at 20:43:59 UTC, Basile B. wrote:
> I'm afraid to see people overreacting in front of a minor and temporary problem.

This is not the first time this is a problem.

Our scanner at Remedy regularly used to block code sent to and from Walter at the email level. Sometimes things just wouldn't be received on either side.

Our scanner also used to pick up the DMD that we shipped to our work environments until we added an exception for it.

I just put a clean install of Visual Studio and Visual D on this laptop in case some people want to see some D stuff after my talk today. Windows Defender blocked my download of DMD.

D code seems to be sufficiently different that virus scanners get confused. Both Windows Defender and F-Secure complained about it being the same trojan in fact.

This cannot be a problem if we expect people to get in to the language. If the first stop download is picked up as a virus? This is unbelievably bad.

On Monday, 15 August 2016 at 19:58:14 UTC, Brad Anderson wrote:
> Please share your suggestions for how to help with the false positive issue (or just continue laughing in ignorance based on an assumption of something I never said).

DevExpress components are distributed as an encrypted self-extracting 7zip archive. No idea why, but might fool Windows Defender from doing anything.

On Tuesday, 16 August 2016 at 05:38:00 UTC, Ethan Watson wrote:
> D code seems to be sufficiently different that virus scanners get confused.

Well, nothing can be said for sure as nobody bothered with data, but if all assumptions are met, one thing to try is to compile with msvc toolchain and/or ldc and see if it makes a difference.

On Tuesday, 16 August 2016 at 05:38:00 UTC, Ethan Watson wrote:
> D code seems to be sufficiently different that virus scanners get confused. Both Windows Defender and F-Secure complained about it being the same trojan in fact.

Don't see any F-Secure problem for dmd-2.071.1.exe.
https://virustotal.com/en/file/7f7fc5c7707425bcde05cf2e6b5e1f35358061d9adb870bd4e943bf9973f9bbe/analysis/

On Monday, 15 August 2016 at 20:47:10 UTC, Basile B. wrote:
>> Please share your suggestions for how to help with the false positive issue (or just continue laughing in ignorance based on an assumption of something I never said).
>
> If the origin of the problem is NSIS then in a first time it would be worth trying InnoSetup or also a MSI installer.

We already had that in our backlog b/c maintaining the NSIS installer is a mess.

Let's try to build a proper MSI installer w/ InnoSetup.
https://issues.dlang.org/show_bug.cgi?id=15284#c20
http://forum.dlang.org/post/gjdwctcoakpfxzyjdgzw@forum.dlang.org

On 08/20/2016 03:21 PM, Martin Nowak wrote:
> On Monday, 15 August 2016 at 20:47:10 UTC, Basile B. wrote:
>>> Please share your suggestions for how to help with the false positive issue (or just continue laughing in ignorance based on an assumption of something I never said).
>>
>> If the origin of the problem is NSIS then in a first time it would be worth trying InnoSetup or also a MSI installer.
> 
> We already had that in our backlog b/c maintaining the NSIS installer is a mess.
> 
> Let's try to build a proper MSI installer w/ InnoSetup. https://issues.dlang.org/show_bug.cgi?id=15284#c20 http://forum.dlang.org/post/gjdwctcoakpfxzyjdgzw@forum.dlang.org

https://trello.com/c/pDvkBVVZ/70-switch-windows-installer-to-msi-using-innosetup

On Saturday, 20 August 2016 at 13:26:03 UTC, Martin Nowak wrote:
> On 08/20/2016 03:21 PM, Martin Nowak wrote:
>> On Monday, 15 August 2016 at 20:47:10 UTC, Basile B. wrote:
>>>> Please share your suggestions for how to help with the false positive issue (or just continue laughing in ignorance based on an assumption of something I never said).
>>>
>>> If the origin of the problem is NSIS then in a first time it would be worth trying InnoSetup or also a MSI installer.
>> 
>> We already had that in our backlog b/c maintaining the NSIS installer is a mess.
>> 
>> Let's try to build a proper MSI installer w/ InnoSetup. https://issues.dlang.org/show_bug.cgi?id=15284#c20 http://forum.dlang.org/post/gjdwctcoakpfxzyjdgzw@forum.dlang.org
>
> https://trello.com/c/pDvkBVVZ/70-switch-windows-installer-to-msi-using-innosetup

"to MSI using innosetup" ?

There's a misunderstanding here. Inno setup doesn't compile to MS installer, it's a complete independant solution.

On Saturday, 20 August 2016 at 13:45:11 UTC, Basile B. wrote:
> "to MSI using innosetup" ?
>
> There's a misunderstanding here. Inno setup doesn't compile to MS installer, it's a complete independant solution.

Whatever makes more sense. From my very limited understanding .msi installers are natively understood installers in Windows, and the weapon of choice for robust and more professional installers.
If innosetup is just another NSIS like tool, it might not solve all our problems.

We're fairly clueless here and could really use help here.

Just signing the NSIS installers could work for now, any support for this hypothesis.
I tried to submit the latest release as sample to Microsoft but their file upload had a size limit smaller than the binary.

On Tuesday, 11 October 2016 at 01:37:55 UTC, Martin Nowak wrote:
> On Saturday, 20 August 2016 at 13:45:11 UTC, Basile B. wrote:
>> "to MSI using innosetup" ?
>>
>> There's a misunderstanding here. Inno setup doesn't compile to MS installer, it's a complete independant solution.
>
> Whatever makes more sense. From my very limited understanding .msi installers are natively understood installers in Windows, and the weapon of choice for robust and more professional installers.
> If innosetup is just another NSIS like tool, it might not solve all our problems.
>
> We're fairly clueless here and could really use help here.
>
> Just signing the NSIS installers could work for now, any support for this hypothesis.
> I tried to submit the latest release as sample to Microsoft but their file upload had a size limit smaller than the binary.

I worked with NSIS and InnoSetup. InnoSetup is much cleaner and easier.
At work we switched from NSIS to InnoSetup and we create MSI packages from NSIS and InnoSetup packages IIRC.
I think it's better to go with InnoSetup because it might be more easy and probably more powerful than building MSI directly. But I don't have any experience with building an MSI installer and the feature set of MSI.
We are also signing the installer and all exe and DLLs inside.