[kstars] [Bug 458351] [macOS] trustworthy code-signed download was replaced with a completely unsigned binary

[Rob]

https://bugs.kde.org/show_bug.cgi?id=458351

--- Comment #3 from Rob <rlancaste at gmail.com> ---
So I have been building KStars DMGs and releases on my machine since 2016 or so
and every release was built and released that way.  It was only a very short
time (~ 1 month or so) that we have been using the KDE binary built version
because my script broke.  I only finally managed to get my craft recipes on the
kde binary server so that we could have nightly versions and releases built
there in January of 2022.  But I am still building official releases on my
machine.  I just recently fixed my script and uploaded the new version.  I
wouldn't say that there was a "trusted" version until now and it suddenly was
replaced with a "hacked" one.  We were only using that "trusted" version for a
very short time as a stopgap measure until we fixed some issues.  There are
still several other things that I have in the dmg that are not properly
duplicated in the craft kde binary server built version and I would not like to
switch to them as the official version of releases until I can get craft to do
those things properly.

Also my dmgs have not been code signed because I have not spent my own money to
get a developer certificate.  Is it possible for me to build on my own machine
with the KDE developer certificate or must that be done from the KDE binary
server only?

-- 
You are receiving this mail because:
You are watching all bug changes.