Creating reports and dashboards | Stimulsoft community forum

Most of my work is in deployment with the building of MSI's.

Simple question.....why are files like Stimulsoft.Base.dll NOT digitally signed?

If Stimulsoft is a reputable development house ALL DLL's and Executables should be digitally signed....it's about ensuring these file are from Stimulsoft and they haven't been tampered with!

A lot of my work is also around Windows certifications and when I'm asked to package Stimulsoft files as part of a solution I have to now apply for special exclusions as Stimulsoft files don't conform to Microsoft Certification.

Please can we start to get these files digitally signed.

Neil

Hello, Neil.

NeilH wrote:Most of my work is in deployment with the building of MSI's.

Simple question.....why are files like Stimulsoft.Base.dll NOT digitally signed?

If Stimulsoft is a reputable development house ALL DLL's and Executables should be digitally signed....it's about ensuring these file are from Stimulsoft and they haven't been tampered with!

A lot of my work is also around Windows certifications and when I'm asked to package Stimulsoft files as part of a solution I have to now apply for special exclusions as Stimulsoft files don't conform to Microsoft Certification.

Please can we start to get these files digitally signed.

Unfortunately, we don't have plans to sign our libraries. We see no need to do it.

Thank you.

Pity, I was disappointed by your reply.....but if that's what you choose to do so be-it.

Can I suggest that you do investigate this, not only to help satisfy the needs of deployment and certifications, but in turn to help your sales. Some software houses by their nature will not be able use your tools purley because they are not signed.

My own development team for example would be prohibited and would have to turn to another vendor......for you that's a lost sale.......for the cost of digitally signing it is soon recovered by new sales and shows the integrity of the vendor.

These days there are very strict policies implemented on customer sites where unsigned code is prevented from running......I would think this would be in everyones interests to ensure we develop good safe running applications.

Code signing tells you that you are executing code from someone whose identity has been checked. More importantly, it tells you that the code has not been corrupted since it was signed, neither by virus infection nor by faulty file transfer. Change a single byte in a signed file and it immediately renders the signature broken.

Neil

Hello,

We consulted with our teamleader.
isAt the moment we are not going to sign our assembly. Sorry
But possibly it will be done with the release of our report server.

Thank you.