Digitally signing binaries
Captain's Log: Stardate 77948.7
The last couple of days I've been caught up in rehearsals for a couple of shows that I'm doing over the next few weeks, so instead of trying to do hard programming work during the scattered time I have available, I have been doing business setup stuff instead.
The main goal right now is to get to where I can digitally sign any binaries that I release, so that they will run on MacOS and Windows without any annoying pop-ups about untrusted software, etc. I really don't want to do even early Alpha testing in a way where people have to run un-signed binaries. It looks bad, and also is a little bit dangerous. There's also a very small benefit in terms of tamper protection: when someone inevitably cracks the simple copy protection that Anukari will have, users that pirate it will see that it's untrusted software. Not that they'll care, but at least it will be easy to tell if a copy is legitimate.
For MacOS, this means getting an Apple Developer account verified. It's nice that you just deal with Apple, but their process is pretty opaque. At various steps things have gone wrong and it's really unclear why. But finally I got to what I think is the last business verification step, after previously jumping through the hoop of getting something called a D-U-N-S number (which is a whole other annoying bureaucratic story). Hopefully this will go through soon.
For Windows, Microsoft allows 3rd-party certificate authorities. Which in theory is cool since it's more open. But you essentially have two choices: (1) Digicert, which is ULTRA-expensive (like 4x the next-cheapest option), but extremely professional, and used by all the big software shops, and (2) all the other authorities, which are way cheaper but all feel a tiny bit sketchy in one way or another. Mostly the cheaper authorities seem like they have really bad customer service, or bad business practices, or send a bunch of your private info offshore, etc.
But anyway, I went with signmycode.com after discovering that the one that everyone recommends, ksoftware.net, is defunct. They've been good so far, and had a very good price for a Sectigo certificate. Right now the approval is all ready except the last detail of verifying the business phone number. This is annoying, since I'm going to have to take the call mid-rehearsal if that's when it comes in.
All that said, I am hoping to get these two certificate things done in the next week or so, which will be really exciting because they are the last frustrating bureaucratic hurdles I need to jump in order to start releasing the software to people. Of course... I do need to finish the software first, too. 😄