GitLab

Right now we have no way to prove to users that we made the Windows packages we distributed, besides giving them signature files, which I feel extremely confident that 99% of them never check. We had a discussion at the Tor dev meeting in July about methods for using Microsoft's built-in signing tools. I have unfortunately forgotten the details of that discussion, but this ticket will serve as a place to dump any details we rediscover.