But gitian uses pgp-type rather than authenticode signing.
Suspect I'm likely missing something, but why can't the result of whatever build process just get an authenticode signature added and be done with it? If gitian just builds the unsigned binary, why does gitian even need an update for this?
Is there a super-essential absolutely mandatory required step which wasn't explained in the original post or otherwise documented somewhere? It sure isn't anything the official microsoft instructors taught back when I was getting MCSD / MCSE / etc. at my "corporate training" center back in the day.
I highly suspect this is because the build process for the windows version is cross compiled using a non-windows system using non-microsoft compilers (probably mingw gcc target or something similar)
At this point I think I'm feeling defeated enough / begun to realize I should probably give up trying to understand what's even being done, why, which tools, etc.
Sorry, I really am a windows dev / sysadmin once you get past all my open-source hobby tinkering.
Feels soooo weird that any credentials or training I might have are completely and utterly irrelevant for making the windows build process any more standard-like. I'm not young enough, and by now I think I've been retired too long to be useful anymore.