Notepad++ v8.8.2 Release
-
Windows 11 Professional, downloading this: Installer | GPG Signature
When I try to download this update I get this message:
Is this because of the security issue??
Thanks
Murray -
@Murray-Sobol-1 said in Notepad++ v8.8.2 Release:
Is this because of the security issue??
Rather because this binary is not signed.
-
@Murray-Sobol-1
I am now able to download the file ( a few hours later) but my virus program (Norton) rejects it.
I have submitted a FALSE positive report to Norton.
Murray -
@donho I sent you an email Yesterday which could help with aforementioned issue involving the code signing certificate.
-
@Murray-Sobol-1
Good news!! I re-downloaded the update and it installed with no issues!!
Thanks
Murray -
P PeterJones referenced this topic on
-
-
FYI, auto-updater has been triggered for this release.
-
Microsoft’s Windows Defender was not allowing the
npp.8.8.2.portable.7zfile on my machine claiming:
Detected: Trojan:Win32/Suschil!rfnOne puzzle is is that if I expand npp.8.8.2.portable.7z into a folder that a full scan of that folder reports “0 threat(s) found.”
Windows Defender was using 1.431.348.0 created/updated on 07/02/2025 6:13 AM. I checked for updates and got 1.431.355.0 created/updated on 07/02/2025 11:10 AM. I re-ran the scanner and it reports no threats found.
I assume this is not related to the code signing issue as I assume Windows Defender would still detect viruses in and and quarantine signed files.
I’m guessing it was a false positive from Windows Defender’s 1.431.348.0 package that Microsoft has since fixed.
-
D donho unpinned this topic on
-
SignPath offers free code signing for open source projects: https://about.signpath.io/product/open-source
-
@gdriggs ,
SignPath was already suggested and rejected here, because the SignPath-based certificate would not bear the name “Notepad++”, whereas the self-signed certificate used for v8.8.3 release does use the name “Notepad++”.
-
SignPath was already suggested and rejected here, because the SignPath-based certificate would not bear the name “Notepad++”, whereas the self-signed certificate used for v8.8.3 release does use the name “Notepad++”.
To clarify the situation, my clear preference is for the name Notepad++, as it aligns with the branding and ensures continuity of the project’s identity.
I avoid my personal name as signer because Notepad++ is a community project, I want its signature to remain separate from my individual identity - signing the release binaries under someone else’s name or a different brand would be an absurd option for me.
Both the brand name Notepad++ and the domain name notepad-plus-plus.org are acceptable. Since I own the domain name, it may be less challenging to validate.
FYI, DigiCert refused to issue a code signing certificate under the domain name notepad-plus-plus.org today.
If you know of any CA that can provide such a certificate, please let us know. If you’re having problem to create an account on the forum, feel free to cantact me via email: don.h@free.fr.
