On Wednesday, Don Ho, Notepad++ developer announced the release of Notepad++ 7.6.4. He also shared that from this release onwards, users will not see the blue-trusted User Access Control (UAC) popup as Notepad++ has dropped code signing for its releases. UAC is a Windows security feature which helps prevent unauthorized changes to operating systems.
Why Notepad++ decided to drop code-signing for its releases?
DigiCert, a US-based X.509 SSL certificate authority, donated a three years code signing certificate to Notepad++ in 2016, which has now expired. Now when Don Ho was trying to repurchase a new certificate from Certum, a Certification Authority, he was required to mention a Common Name (CN). The problem here is that as Notepad++ is not a company or organization, Certum did not allow him to use Notepad++ as CN.
Additionally, he also feels that these code-signing certificates are too overpriced. He added in the blog post, “Notepad++ has done without a certificate for more than 10 years, I don’t see why I should add the dependency now (and be an accomplice of this overpricing industry). I decide to do without it.”
This sparked a discussion on Hacker News, and many users supported the developer’s decision. One of the users commented, “Well I don't care if the developer paid the certificate, and I don't see why someone that develops FOSS should pay money for something that doesn't bring to him any of that money back. At least for open source software certificates should be offered for free, in my opinion.”
Don Ho mentioned in the announcement that this decision will not have any effect on Notepad++ security whatsoever, but it will be less flexible from before:
- As always, every release will come with SHA256 hash of the installed and other packages.
- The SHA256 hash of all components such as ‘SciLexer.dll’, ‘GUP.exe’, and ‘nppPluginList.dll’ will be checked by Notepad++
Unlock access to the largest independent learning library in Tech for FREE!
Get unlimited access to 7500+ expert-authored eBooks and video courses covering every tech area you can think of.
Renews at €14.99/month. Cancel anytime
- Markdown support was planned to land in Notepad++ 7.6.3 version, but the needed file wasn’t deployed correctly by the installer. This bug is now fixed in Notepad++ 7.6.4.
- Additionally, this release fixes a few vulnerable issues and some crash bugs identified in the European Commission's Free and Open Source Software Auditing Bug Bounty program.
To read the original announcement, visit Notepad++’s official website.
EU to sponsor bug bounty programs for 14 open source projects from January 2019
Browser based Visualization made easy with the new P5.js
5 Reasons to learn programming
United States
Great Britain
India
Germany
France
Canada
Russia
Spain
Brazil
Australia
South Africa
Thailand
Ukraine
Switzerland
Slovakia
Luxembourg
Hungary
Romania
Denmark
Ireland
Estonia
Belgium
Italy
Finland
Cyprus
Lithuania
Latvia
Malta
Netherlands
Portugal
Slovenia
Sweden
Argentina
Colombia
Ecuador
Indonesia
Mexico
New Zealand
Norway
South Korea
Taiwan
Turkey
Czechia
Austria
Greece
Isle of Man
Bulgaria
Japan
Philippines
Poland
Singapore
Egypt
Chile
Malaysia
