On Wednesday, June 27, 2018 16:54:55 Manu via Digitalmars-d wrote:
> Hey people,
>
> So I had a few people in the office refuse to install DMD because when
> they launched the installer, Windows displayed the prompt that it was
> untrusted (ie, unsigned) and not offer the install button without
> manual override.
> True also for VisualD.
>
> Can we get a key and start signing the install packages?
>
> It would be super-cool to sign the 2.081 release since it's like, imminent ;)

I'm certainly not against getting it signed (though I have no idea what's involved with that). However, I'm surprised that anyone actually pays attention to that or cares.

- Jonathan M Davis

On Wed, 27 Jun 2018 at 17:16, Jonathan M Davis via Digitalmars-d <digitalmars-d@puremagic.com> wrote:
>
> On Wednesday, June 27, 2018 16:54:55 Manu via Digitalmars-d wrote:
> > Hey people,
> >
> > So I had a few people in the office refuse to install DMD because when
> > they launched the installer, Windows displayed the prompt that it was
> > untrusted (ie, unsigned) and not offer the install button without
> > manual override.
> > True also for VisualD.
> >
> > Can we get a key and start signing the install packages?
> >
> > It would be super-cool to sign the 2.081 release since it's like, imminent ;)
>
> I'm certainly not against getting it signed (though I have no idea what's involved with that). However, I'm surprised that anyone actually pays attention to that or cares.

Windows hides the install button from you, you have to press the
underlined "More Info" text (at the bottom of the "It's so unsafe
bro!" blurb), and then "Run Anyway".
It says "Windows Defender SmartScreen prevented an unrecognized app
from starting. Running this app might put your PC at risk.", which
looks threatening!

On Wed, 27 Jun 2018 at 17:24, Manu <turkeyman@gmail.com> wrote:
>
> On Wed, 27 Jun 2018 at 17:16, Jonathan M Davis via Digitalmars-d <digitalmars-d@puremagic.com> wrote:
> >
> > On Wednesday, June 27, 2018 16:54:55 Manu via Digitalmars-d wrote:
> > > Hey people,
> > >
> > > So I had a few people in the office refuse to install DMD because when
> > > they launched the installer, Windows displayed the prompt that it was
> > > untrusted (ie, unsigned) and not offer the install button without
> > > manual override.
> > > True also for VisualD.
> > >
> > > Can we get a key and start signing the install packages?
> > >
> > > It would be super-cool to sign the 2.081 release since it's like, imminent ;)
> >
> > I'm certainly not against getting it signed (though I have no idea what's involved with that). However, I'm surprised that anyone actually pays attention to that or cares.
>
> Windows hides the install button from you, you have to press the
> underlined "More Info" text (at the bottom of the "It's so unsafe
> bro!" blurb), and then "Run Anyway".
> It says "Windows Defender SmartScreen prevented an unrecognized app
> from starting. Running this app might put your PC at risk.", which
> looks threatening!

I guess people feel nervous about installing allegedly potentially dangerous software on their corporate workstation.

On Wednesday, June 27, 2018 17:26:36 Manu via Digitalmars-d wrote:
> On Wed, 27 Jun 2018 at 17:24, Manu <turkeyman@gmail.com> wrote:
> > On Wed, 27 Jun 2018 at 17:16, Jonathan M Davis via Digitalmars-d
> >
> > <digitalmars-d@puremagic.com> wrote:
> > > On Wednesday, June 27, 2018 16:54:55 Manu via Digitalmars-d wrote:
> > > > Hey people,
> > > >
> > > > So I had a few people in the office refuse to install DMD because
> > > > when
> > > > they launched the installer, Windows displayed the prompt that it
> > > > was
> > > > untrusted (ie, unsigned) and not offer the install button without
> > > > manual override.
> > > > True also for VisualD.
> > > >
> > > > Can we get a key and start signing the install packages?
> > > >
> > > > It would be super-cool to sign the 2.081 release since it's like, imminent ;)
> > >
> > > I'm certainly not against getting it signed (though I have no idea
> > > what's
> > > involved with that). However, I'm surprised that anyone actually pays
> > > attention to that or cares.
> >
> > Windows hides the install button from you, you have to press the
> > underlined "More Info" text (at the bottom of the "It's so unsafe
> > bro!" blurb), and then "Run Anyway".
> > It says "Windows Defender SmartScreen prevented an unrecognized app
> > from starting. Running this app might put your PC at risk.", which
> > looks threatening!
>
> I guess people feel nervous about installing allegedly potentially dangerous software on their corporate workstation.

Honestly, that's exactly the sort of thing that I always ignore. I'd pay attention if anti-virus software outright said that it found a virus, but "unrecognized software?" That's exactly the sort of thing that's just going to get me pissed off at Microsoft for getting in my way. Though honestly, Microsoft pops up so many useless messages that it becomes easy to miss any that actually matter, because you have to skip through so many of them all the time that you stop paying attention to them. So, I'm definitely surprised to hear about programmers refusing to install something just because Microsoft doesn't recognize it.

- Jonathan M Davis

On Thursday, 28 June 2018 at 00:15:54 UTC, Jonathan M Davis wrote:
> On Wednesday, June 27, 2018 16:54:55 Manu via Digitalmars-d wrote:
>> Hey people,
>>
>> So I had a few people in the office refuse to install DMD because when
>> they launched the installer, Windows displayed the prompt that it was
>> untrusted (ie, unsigned) and not offer the install button without
>> manual override.
>> True also for VisualD.
>>
>> Can we get a key and start signing the install packages?
>>
>> It would be super-cool to sign the 2.081 release since it's like, imminent ;)
>
> I'm certainly not against getting it signed (though I have no idea what's involved with that). However, I'm surprised that anyone actually pays attention to that or cares.
>
> - Jonathan M Davis

My AV at work actually blocks DMD, so signing it would also help with whitelisting it and other D tools (I manage the AV anyways so I just moved myself to a more lax policy). I wouldn't be too surprised if this is the case elsewhere.

On 6/27/2018 5:34 PM, Jonathan M Davis via Digitalmars-d wrote:
> On Wednesday, June 27, 2018 17:26:36 Manu via Digitalmars-d wrote:
>> I guess people feel nervous about installing allegedly potentially
>> dangerous software on their corporate workstation.
> 
> Honestly, that's exactly the sort of thing that I always ignore. I'd pay
> attention if anti-virus software outright said that it found a virus, but
> "unrecognized software?" That's exactly the sort of thing that's just going
> to get me pissed off at Microsoft for getting in my way. Though honestly,
> Microsoft pops up so many useless messages that it becomes easy to miss any
> that actually matter, because you have to skip through so many of them all
> the time that you stop paying attention to them. So, I'm definitely
> surprised to hear about programmers refusing to install something just
> because Microsoft doesn't recognize it.
> 
> - Jonathan M Davis

It's all about removing resistance and raising the level of professionalism.  D isn't a hobby project and shouldn't act like one. This is an obvious barrier that's worth removing.  In this day and age of rampant actively dangerous software, it's an obvious improvement to sign it and make the strong claim that this is produced and vended by the d foundation and we vouch for it's contents.  We already do for some (all?) of the posix distribution bundles.

On Wednesday, June 27, 2018 17:59:42 Brad Roberts via Digitalmars-d wrote:
> On 6/27/2018 5:34 PM, Jonathan M Davis via Digitalmars-d wrote:
> > On Wednesday, June 27, 2018 17:26:36 Manu via Digitalmars-d wrote:
> >> I guess people feel nervous about installing allegedly potentially dangerous software on their corporate workstation.
> >
> > Honestly, that's exactly the sort of thing that I always ignore. I'd pay
> > attention if anti-virus software outright said that it found a virus,
> > but
> > "unrecognized software?" That's exactly the sort of thing that's just
> > going to get me pissed off at Microsoft for getting in my way. Though
> > honestly, Microsoft pops up so many useless messages that it becomes
> > easy to miss any that actually matter, because you have to skip through
> > so many of them all the time that you stop paying attention to them.
> > So, I'm definitely surprised to hear about programmers refusing to
> > install something just because Microsoft doesn't recognize it.
> >
> > - Jonathan M Davis
>
> It's all about removing resistance and raising the level of professionalism.  D isn't a hobby project and shouldn't act like one. This is an obvious barrier that's worth removing.  In this day and age of rampant actively dangerous software, it's an obvious improvement to sign it and make the strong claim that this is produced and vended by the d foundation and we vouch for it's contents.  We already do for some (all?) of the posix distribution bundles.

Well, as I said in my initial response, I have no problem with the installer being signed. I'm just surprised that any programmers would care.

- Jonathan M Davis

> It's all about removing resistance and raising the level of professionalism.  D isn't a hobby project and shouldn't act like one. This is an obvious barrier that's worth removing.  In this day and age of rampant actively dangerous software, it's an obvious improvement to sign it and make the strong claim that this is produced and vended by the d foundation and we vouch for it's contents.  We already do for some (all?) of the posix distribution bundles.


Well said, thanks.

On Thursday, 28 June 2018 at 01:34:22 UTC, Jonathan M Davis wrote:
> On Wednesday, June 27, 2018 17:59:42 Brad Roberts via Digitalmars-d wrote:
>> On 6/27/2018 5:34 PM, Jonathan M Davis via Digitalmars-d wrote:
>> > On Wednesday, June 27, 2018 17:26:36 Manu via Digitalmars-d wrote:
>> >> I guess people feel nervous about installing allegedly potentially dangerous software on their corporate workstation.
>> >
>> > Honestly, that's exactly the sort of thing that I always ignore. I'd pay
>> > attention if anti-virus software outright said that it found a virus,
>> > but
>> > "unrecognized software?" That's exactly the sort of thing that's just
>> > going to get me pissed off at Microsoft for getting in my way. Though
>> > honestly, Microsoft pops up so many useless messages that it becomes
>> > easy to miss any that actually matter, because you have to skip through
>> > so many of them all the time that you stop paying attention to them.
>> > So, I'm definitely surprised to hear about programmers refusing to
>> > install something just because Microsoft doesn't recognize it.
>> >
>> > - Jonathan M Davis
>>
>> It's all about removing resistance and raising the level of professionalism.  D isn't a hobby project and shouldn't act like one. This is an obvious barrier that's worth removing.  In this day and age of rampant actively dangerous software, it's an obvious improvement to sign it and make the strong claim that this is produced and vended by the d foundation and we vouch for it's contents.  We already do for some (all?) of the posix distribution bundles.
>
> Well, as I said in my initial response, I have no problem with the installer being signed. I'm just surprised that any programmers would care.
>
The issue in professional setting is not just necessarily about the programmer himself but the policies of its company or the IT team in charge of the devs PC.
As stated elsewhere, I work in a public adminsitration and the IT is handled by another directorate than the directorate I work for. The IT department is in charge of more than 15,000 PC's. You can imagine that they do everything to have their control over that fleet by normalising and tightening policies. They acknowledge that the developpers need a little bit more leverage and freedom on their machines by providing some local admin rights, but even with that, it is sometime quite difficult to install anything not from the official approved list.
Unfortunately, D has been quite annoying to install. The last version i.e. 2.080 for instance didn't install as there is one of the binaries that get quarantained by the anti-virus. Anti-virus I cannot influence because local admin rights are not sufficient to whitelist a file.
Installing 64 bit code is also a chore as dmd delegates the installation of the required libs to the Microsoft installer. The problem, the Microsoft installer is incapable to get through our proxy and there's no offline installation option anymore since 2017. I know it's a Microsoft issue, but it is part of the things that makes using D quite challenging. I'm highy motivated and am not pressed by deadlines so it doesn't bother me too much, but I can imagine that somehow reluctant devs will stop at the first hurdle encountered.