Skip to content

Commit a3f7f75

Browse files
Geeven SinghCopilot
Geeven Singh
and
Copilot
committed
Add CODE_SIGNING_POLICY.md
Prep work for applying to the SignPath Foundation OSS code-signing program. Documents intended signing scope, the single-maintainer team-roles section reviewers ask for, and DiffViewer's local-only privacy posture. Phase 0 of the in-app auto-update plan: signing is needed before the auto-update channel can ship without re-prompting SmartScreen on every release. AI-Local-Session: 4519f6b6-393a-4476-8efa-410e5396c3a9 AI-Cloud-Session: 72f9e474-60ab-42c2-b2a0-28fee827cbbb Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
1 parent b9a430e commit a3f7f75

1 file changed

Lines changed: 40 additions & 0 deletions

File tree

CODE_SIGNING_POLICY.md

Lines changed: 40 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,40 @@
1+
# Code signing policy
2+
3+
DiffViewer aims to ship its Windows release binaries signed with a
4+
free open-source code signing certificate provided by the
5+
[SignPath Foundation](https://signpath.org/) via
6+
[SignPath.io](https://about.signpath.io/).
7+
8+
> **Status:** Application to the SignPath Foundation is pending. Until
9+
> the certificate is in place, release binaries are unsigned and
10+
> Windows SmartScreen warns on first run; see the README's "Install"
11+
> section for the click-through path.
12+
13+
## Project scope
14+
15+
This policy applies to all release artifacts published to the
16+
[GitHub Releases page](https://github.com/geevensingh/DiffViewer/releases).
17+
Today that is a single-file portable `DiffViewer.exe`; once auto-update
18+
support ships, a Setup installer will be added alongside it and will
19+
also be covered by this policy.
20+
21+
## Team roles
22+
23+
DiffViewer is a single-maintainer open-source project.
24+
25+
- **Committers and reviewers:** [@geevensingh](https://github.com/geevensingh)
26+
- **Approvers:** [@geevensingh](https://github.com/geevensingh)
27+
28+
## Privacy policy
29+
30+
DiffViewer is a local-only developer tool. The only networked activity
31+
it performs is on direct user action: fetching a GitHub pull request
32+
the user has explicitly asked it to review, by calling the GitHub
33+
REST API on the user's behalf with credentials they obtained via
34+
`gh auth login`. No telemetry, usage tracking, analytics, or
35+
background networked activity is performed.
36+
37+
User-supplied GitHub OAuth tokens are obtained on-demand from
38+
`gh auth token` at the moment of an outbound API call, held in memory
39+
only for the duration of that call, and are never persisted to disk
40+
by DiffViewer.

0 commit comments

Comments
 (0)