Windows signature without timestamp

VLC 2.2.0 for Windows is signed without timestamp. To my knowledge, it results into time bomb when Windows will refuse to run binary after certificate expires. Timestamp from timestamping authority guarantees, that signing occured at specific time - while the certificate was valid.

Fix is as simple as adding "/t http://timestamp.verisign.com/scripts/timstamp.dll" argument to signtool.exe command. There are multiple timestamping authorities.

Sorry, but we don't use signtool.exe.

Do you have more information?

This issue includes both vlc.exe and installer and other binaries. I have no idea, what will windows do with .dll with expired certificate, but if signing, then do it properly.

What signing tool do you use?

Found it.

assigned to @jbk

added Component::Build system label

commit f63dce33 Author: Jean-Baptiste Kempf jb@videolan.org Date: Sun Mar 1 23:54:47 2015 +0100

Win32: timestamp the signature

Close [#14053](https://code.videolan.org/videolan/vlc/-/issues/14053)

Original author: jb@videolan.org

added Status::fixed label

closed

Will be fixed in 2.2.1

Thanks for fast fix :)

Replying to [comment:7 OndroNR]:

Thanks for fast fix :)

No problem, I had no idea what that was even about.

Did you see other issues?

No. That should be all about signing common programs in Windows. I will report any other issues I encounter.

OK, but we don't sign on Windows :)

If there are other fields missing, pelase say so.