Windows 8 Code Signing

[PyTom]

I'm trying to decide how much I want to prioritize Windows 8 code signing.

Right now, when you run Ren'Py - or a Ren'Py game on Windows 8, you get the securescreen warning. It's a fairly complex task to get the game running - you have to view more information, and only then does it let you pick "Run Anyway".

Right now, you can't code sign a Ren'Py application. Well, you can, but the result is insecure - if someone changes a .rpy file, Ren'Py will be happy to run the changed code. My thinking is that I'd like to modify Ren'Py such that it verifies script files it wants to load - python modules, dlls, .rpy files, and so on.

Ren'Py won't sign your code for you. Instead, it will produce a .exe file that can be signed, and it will be up to you to sign it with a code signing certificate that you purchase.

I'm trying to get a feel for how necessary this is, and how many people will take advantage of this functionality once it's present. Has SecureScreen become an issue in practice, amongst the VN and indie game communities? Or is it just something that doesn't matter.

(Note that my time to work on Ren'Py is a limited resource - if I'm working on this, I'm not working on things that are more important.)

[jack_norton]

I think the situation is worse on Mac actually - with the default setting of Mountain Lion, you CAN'T run a unsigned Ren'Py game. On Win8 you can still run it, even if you have to click 2-3 times.
Honestly I don't think this will be an issue until Win8 becomes more spread, I'd rather have new features. Or (in a remote future) the possibility to run as Metro app.
Since codesigning should be done by people using external certificates (obviously you can't provide them) I don't see much use for what you're planning to do since it doesn't make it easier in practice. If someone changes a .rpy code, well that can happen with any other game engine as well, changing any resource/code file.

Sadly because of those closed-minded OS developers, in a very soon future most people will be unable to use Ren'Py to make freewares like in the past considering how expensive those certificates are in particular...

[papillon]

I'm worried about codesigning becoming a necessity, but I'm not blasting fullspeed ahead into it. I'm hoping there will be enough resistance to survive...

[PyTom]

According to MS @ http://blogs.msdn.com/b/ieinternals/arc ... ation.aspx

When downloading installation packages from the Internet, the browser and/or Windows Shell will only check the digital signature on the installer itself.

Note: Typically, Windows does not itself check the digital signature when running a locally-installed version of your program; it only checks the signature when the program bears a Mark-of-the-Web indicating that it was downloaded from the Internet or extracted from an archive downloaded from the Internet.

So it looks like signing a windows installer will be sufficient.

That being said, I'm keeping an eye on this. If people more active in the general indie game community could let me know what the best practices are - and if they change - then that would be helpful.

[SundownKid]

I don't think this will be a big deal in the near future; not only does Windows 8 seem like the ugly duckling OS, but people will turn the warnings off just like they did User Account Control. I, for one, hate the new "tablet interface" and minimalist design, and I don't think a lot of people will take to it like they did Windows 7.

[LateWhiteRabbit]

I don't think this will be a big deal in the near future; not only does Windows 8 seem like the ugly duckling OS, but people will turn the warnings off just like they did User Account Control. I, for one, hate the new "tablet interface" and minimalist design, and I don't think a lot of people will take to it like they did Windows 7.

I think this will be the case as well. I've got two friends that work tech at different chain stores, and they tell me that despite holding huge launch events, they've each only managed to sell two copies of Windows 8 since its official launch. They say many people start a conversation about Windows with them by saying, "I've heard Windows 8 isn't good, is that true?" So word of mouth may sink Windows 8 like it did Vista.

I, like SundownKid, believe this will very much be a UAC / Vista issue, where it was so upfront and annoying that everyone turned it off.

It would be nice if we had the option to code sign Ren'Py games in a secure way, but I'm doubtful of the necessity this early in the game. I don't think Windows 8 has been in the wild long enough for us to determine how large an issue this is or isn't going to be.

[jack_norton]

Yeah, right now there's nothing to worry at all. I did a lot of research (you remember I was quite scared).
Win8 so far isn't doing really well. I checked the appstore, and is really ugly. No big names except, of course, MS own titles (Fables 3 for example). But those are available also elsewhere... Steam for example.
I don't know what they are planning to do - they're offering big promo for indies that publish metro apps right now (prize+marketing campaign). So that's a signal they clearly want to push their OS.

What I HOPE will happen, is that this new Win8 interfaces remains on tablet only, but from Win9 they get back to the default desktop view. I don't think that will be the case though.

When I codesigned my apps, the program codesigned BOTH the installer and the .exe. The installer will be enough for the "smartscreen filter", but for example even distributing your games as .zip could avoid that (not sure, some indies told me that). In any case there's no way that Ren'Py will be able to offer easy codesign, since is a complex thing to setup and you need to get your own certificate anyway.

The best is hope that people will be able to "make the right decisions" as I posted, I think will be much worse on Macs, but they're becoming such a small amount of percentage of my users that soon will be more interested in supporting Linux than Mac.

[Biomass]

The only way you'll make me use Windows 8 is to shove it down my slit throat. It really is the Vista of this generation.

[jack_norton]

For this year MS has plan to provide free updates to the next version. Inevitably many people will install it since, hey, is FREE! (like if Linux wasn't). I think in the long run, like 4-5 years from now, normal apps (like the exe produced by Renpy) won't be playable anymore, or maybe with things like the equivalent of modern DOSBOX