Well, seeing how my last comment on getting this to Github is already over a month old, I should probably start working a bit more continuously on the projects I start. Anyways, have rewritten, simplified and recompiled this project now and thus tried pushing it to Github.
All in all though, I feel like the current version is usable and stable enough for a public release. I even compiled it on a fresh EC2, so there is no way my clogged up hard drive could have had any negative impact on it (as has sadly happend in the past).
The only I’d need for it now, would be the content of the legal disclaimer at the beginning of the installer. Should I simply copy the one we currently display when importing Whonix? I am not certain what legal ramifications there could be to guard against, so this is something which should definetly be discussed beforehand. Once we’ve dealt with that, this should be ready for release.
Oh. Please do not mix source code and binary data into the same folder.
Binary data is probably not welcome at any free git hosting service as far as I know. (However, the worst that can happen is hitting a data limit or having the account deleted.)
So one git project should contain all the source code and perhaps textual build instructions. Another option to host build instructions is Whonix wiki (where for example Whonix build documentation is located).
The whole disclaimer stuff is pretty experimental and unclear, little tested legal waters. It’s a protection from being sued. Hopefully. The idea is that Whonix is free, therefore only “lesser liability laws” for free stuff applies. Also it is upfront about being experimental. By explaining it in detail, it should be difficult to pretend having gotten to pretend that someone thought Whonix provides strong guarantees for anything and now something unrelated on their computer is broken and Whonix is fault.
Any idea where we can upload your binaries then? I guess we should distribute them from whonix.org. How do we grant upload access to Ego? We’ll install sftp or something or create an ssh user account with access to a Windows downloads access folder? @fortasse
I finally got to look into this. Hopefully I am able to test within a Windows 7 64bit VirtualBox VM.
Is it a sane assumption to think that due to platform specificness, it is very much unlikely that these components will be ever ported to non-Windows platforms? If so, can we please find better repository names?
Well, if you go through the thread you’ll see that the only solution working is Authenticode, which requires a ~80$ per year certificate to function properly. Currently, there are no requirements for doing something like this thus, as asking developers to pay for a certificate for every program they make would be problematic.
However, UWP, which is somewhat of an “successor” to the old WPF is providing signing in some form without a certificate. However, UWP only works on Windows 10 devices which is why I didn’t use it. Also, the signing is somewhat tied to Microsofts own store front.
Either way, since the UI will likely only be optained via the installer which should be completley verified via GPG, I don’t see a big issue in not having such a feature at the moment.
When pressing Advanced while VirtualBox is not installed (test case) the application crashed (with “Windows looking for solution thingy” [that never worked for me for anything :)].
When pressing Start while VirtualBox is not installed (test case) a cmd.exe opens that points out the standard Windows message if a binary is not available for VBoxMange. (Certainly a better way to fail than above.) A more helpful message in such cases would be desirable.