Hello Plex friends,
I notice the downloads for Plex server on Synology are not digitally signed. I would much prefer to see code signing on these packages to help provide that extra level of assurance. I assume this is one of the reasons an install on Synology prompts with the alert the package is from an unknown publisher, my assumption is it looks for the digital signature to validate the provider.
I see that the Plex Media Player software (Windows version) is digitally signed, with you therefore have a code signing cert would it be possible to extend signing to all provided packages?
I am asking you to be clear in what you’re asserting.
To avoid any possible misunderstanding on my part, I will restate and ask you to verify/correct me as needed
- The Plex SPK, as downloaded from Synology is not digitally signed
- The Plex SPK, as downloaded directly from http://downloads.plex.tv is digitally signed.
Hi - the download link in your post doesn’t appear valid, it says “The page you’re looking for was not found.
You will be redirected automatically in 5 seconds. https://plex.tv/downloads”.
The Plex download page provides the .spk file for Synology which isn’t signed from what I can see and when this is installed on DSM I get the “This package is published by an unknown publisher” message.
it’s signed, but the publisher is unknown. You need to add Plex as a trusted publisher. Synology defaults only with themselves as trusted publisher. Follow these steps:
https://support.plex.tv/articles/205165858-how-to-add-plex-s-package-signing-public-key-to-synology-nas-package-center/
Thanks for confirming, much appreciated.
