Details
-
Bug
-
Resolution: Duplicate
-
P1: Critical
-
5.0.0
-
None
Description
Qt 5 binary package installers don't appear to be signed in a way that Windows 7 finds acceptable. Windows reports "The publisher of this package cannot be verified" both when launching the installer and when displaying the "View Downloads" page.
This is also the case for QtQDK and stand-alone Qt Creator packages (using ifw) old Qt 4.7.x and earlier packages (using nsis) published by Nokia. Qt 4.8.x packages published by Digia do not have this problem and correctly show the publisher as "Digia Plc".
In the past, such warnings from Windows have caused a lot of questions from security-conscious users about whether the packages are safe to install.
Presumably we simply need to purchase an appropriate certificate and signing tool from a reputable signing authority, and put a process in place to ensure that the certificate gets renewed when necessary.