Module Signatures Required

Juan Conejero

PixInsight Staff
Staff member
We want to inform all PixInsight/PCL developers that module signatures will be required very soon, probably starting from the next version of PixInsight, which we plan to release next week. The Preferences > Security > Allow installation of unsigned modules option will be disabled by default, and a valid CPD identity will be required to enable it.

We are making this change to stop hacking activities that we have detected affecting some third-party modules, as well as to strengthen the security of PixInsight installations on all platforms.

All developers distributing PixInsight modules must hold a valid Certified PixInsight Developer (CPD) identity. A CPD identity can be requested using the SigningKeys and SubmitCPD scripts, as described here:

The CodeSign script must be used to generate module signatures. Since PixInsight version 1.8.9-2 build 1604, this script supports the generation of signatures for binary module files on all supported platforms, scripts, and XML repository information documents.

We strongly recommend that you sign all of your modules from now on, preferably before we implement this new requirement.

Thank you for your attention,

The PixInsight Team at Pleiades Astrophoto S.L.