Sign the Windows release for improved security #701

Open
1 task done
meenbeese opened this issue Sep 6, 2023 · 1 comment
Labels
enhancement New feature or request

Comments

@meenbeese
Contributor

Is there an existing issue for this?

  • I have searched the existing issues

Pain

The .exe release of Spotube is falsely flagged as a virus, according to various users who have complained in #613 and #673, which may cause them to distrust the program. We should try our best not to allow this to happen, to signal trust to all users and ease their concerns about Spotube doing any sort of suspicious activity.

Suggested solution

That said, this is not a must-have but rather a good-to-have because signing programs can cost a lot of money sometimes. This issue does not need to be addressed immediately if a low-cost option cannot be found and can be resolved when there are enough donations to fund such a project.

Useful resources

A few resources that I found:
Microsoft -> https://learn.microsoft.com/en-us/windows/win32/seccrypto/signtool
Microsoft -> https://learn.microsoft.com/en-us/dotnet/framework/tools/signtool-exe
Digicert -> https://www.digicert.com/kb/code-signing/code-signing-winqual.exe-file.htm
Comodo -> https://cheapsslweb.com/comodo-code-signing

Additional information

Stack Overflow has a post weighing the pros/cons of the different methods of signing a Windows executable: https://stackoverflow.com/questions/252226/signing-a-windows-exe-file

@meenbeese meenbeese added the enhancement New feature or request label Sep 6, 2023
@KRTirtho
Owner

KRTirtho commented Sep 6, 2023

Yes, you're unfortunately right. People tend to believe Microsoft's "certificates", and Windows portrays uncertified apps as worse than malware.
It's sad to see that the only thing any spyware, malware, etc. needs to be trusted is money & the bogus signtool.
If it were a proper verification, there would be a point to this. But this is just pure business. Shame on them. No regret that I stopped using Windows.

But yeah, if I get the chance I'll try to sign the app.
