Is It Possible to Sign Libraries (DLLs) from msys2 used in other Open Source/FOSS software to avoid Microsoft Code Integrity Blocking the DLLs?

[TESTER-sec]

Microsoft Security is slowly but surely, as part of a long term plan, to require Developers to sign their software (executables, DLLs, etc) with Authenticode. Otherwise Microsoft Code Integrity will blocked unsigned DLLs used from third party projects - rendering the overall application broken or functionality broken.

Is it possible for me to apply Authenticode to DLLs from msys2 into my product so that my Open Source/FOSS software is not blocked by Microsoft Code Integrity on Windows?

[trcrsired]

no. no code auth.

Microsoft needs to layoff ALL its security people like you who want to destroy user's freedom.

NO WALLED GARDEN. NO APP STORE.

NO WALLED GARDEN JUNK!! NO APP STORE!!! WALLED GARDEN OS SUCKS.

DO YOU EVEN UNDERSTAND IT VIOLATES GPL3.0 which prevents TIOVIZATION? GPL-3.0 explicit forbids the GPL projects to run in "trusted" platforms

[trcrsired]

FOSS and GPL 3.0 license explicits forbids tiovization which uses crypto schemes for users to run code.

If you microsoft keeps doing that. then bye bye, everyone will quit windows

[trcrsired]

Do you even understand what is FOSS? free software ok? it is NOT open source. it is to prevent bad players like you who restricts users' freedom at the excuse of "SECURITY"

https://www.gnu.org/philosophy/tivoization.html

It is already bad enough in the mobile market.

THERE ARE NO APPS for Windows s mode do you even understand! NO APPS. Why would anyone want this when they can just go buy a android tablet or ipad?

Do you understand why Windows Phone and UWP failed?

https://github.com/trcrsired/Portable-Cpp-Guideline?tab=readme-ov-file#walled-gardens

As a security researcher who gets my Ph.D. Repeat after me: THE MOST SECURE DEVICE IS USELESS

Microsoft Employee like you is exactly why people hate microsoft

[trcrsired]

Also now we have progressive web apps. There are NO REASON for trusted code anymore. Are you going to ban users for using browsers?

[lazka]

@trcrsired please stop the ranting

[trcrsired]

@trcrsired please stop the ranting

Signing binaries violate GPL3.0. it is not ranting. it is illegal.

considering GCC is GPL3.0, you cannot sign them.

Have you even looked at the mess on the mobile market where users cannot replace OS or even install softwares? Apple NEVER allowed sideloading on ios. Are you trying to help Microsoft to make PC not able to do anything? Should i pay microsoft $99 per year to be "developer" JUST to write helloworld in C? that is ridiculous. How long would that happen for users to even unable to access global internet by removing web browsers from the OS?

This is exactly why GPL3.0 and FOSS are against tivoization from licensing perspecitve.

[lazka]

As long as there is a way to sideload software that shouldn't be a problem. Otherwise Debian packages would be illegal as they are signed too.

I guess you are referring to:

• https://www.gnu.org/licenses/gpl-faq.html#GiveUpKeys
• https://www.gnu.org/licenses/gpl-faq.html#TwoPartyTivoization

[trcrsired]

As long as there is a way to sideload software that shouldn't be a problem. Otherwise Debian packages would be illegal as they are signed too.

I guess you are referring to:

• https://www.gnu.org/licenses/gpl-faq.html#GiveUpKeys
• https://www.gnu.org/licenses/gpl-faq.html#TwoPartyTivoization

“sideload” lol. Surface RT. Windows S mode. Windows Phone. disagrees since they do not allow sideloading.

Sideloading should even NOT be a term. It is installing my software. It is my machine. Microsoft has NO say on what programs i am running on my OWN machine. This is just purely monopoly

BTW. Microsoft would just kill Windows by going this route. Look at how many apps they had with Windows on ARM?

S mode WIndows and Surface RT runs even less APPs than Windows on ARM does. It just kills Windows. Why would anyone want this when they could just go grab an android tablet or ipad which have more APPs?

Funny Microsoft gave up Windows phone in the name of "lack of apps" when they are trying to ask other people to rewrite apps for them just for this "security" thing.

Even Android allows sideloading, you cannot just run helloworld.c since Microsoft banned .exe. F this junk. I compile LLVM/gcc by myself for Windows on Linux why should microsoft ban me for using my own build of LLVM/clang.

#include<stdio.h>
int main()
{
    printf("Hello World\n");
}

This code does not run which is ridiculous, considering even tap machines in 1960s could compile and run helloworld.c

The fact is that users have been gradually losing their basic rights over hardware and their softwares.

The problem of Windows S mode is that there are NO APPs.

[lazka]

I'm going to stop responding to you.

[trcrsired]

I'm going to stop responding to you.

You are losing arguments to debate. It is illegal. If you sign the apps, i would just sue you and microsoft for violating GPL 3.0

BTW. do not tell me anything about "security". I just got my Ph.D as a security researcher. The entire walled garden thing is ridiculous tbh. Nobody knows more than i do about this topic.

Big Tech's war against "sideloading" continues. With Microsoft and Google not far behind.
https://youtu.be/sT_ePyytBtc?feature=shared

[trcrsired]

@lazka @TESTER-sec
https://github.com/trcrsired/optionalwalledgardenthroughpwa/blob/main/optionalpwawalledgarden.pdf

Here is my rejected paper from ACM CCS 2025 on this topic since I haven't conducted experiment and evaluation. Which is a more practical approach than this "DLL and .exe signing" while it does not hurt users' freedom on computing. Microsoft failed UWP (Windows Phone), this will again fail due to lack of APPs.

Plus this should kill Google Chrome which should give Microsoft incentive to do so.