docs: document the unsigned-binary SmartScreen warning#51
Conversation
…evant New users' first friction is the SmartScreen "unrecognized app" prompt (the binaries are unsigned — no paid code-signing cert). Make the explanation + "More info → Run anyway" steps impossible to miss, and repeat it on every download/first-run surface: - README: dedicated "First run: Windows SmartScreen warning" subsection under Quick start, plus an upgraded Security-notes bullet linking to it. - docs/FAQ.md: top entry "is Pixelpipe safe?". - docs/TROUBLESHOOTING.md: top entry for the warning. - .github/workflows/build.yml: a "First run: SmartScreen" block added to both the versioned and rolling release-note templates, so every future GitHub release page carries it too. Each spot also points at SHA256SUMS.txt + Get-FileHash for users who want to verify the download. No code change, no CHANGELOG bump (no release cut). Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
![gemini-code-assist[bot]](https://avatars.githubusercontent.com/in/956858?s=60&v=4){kind=small}
There was a problem hiding this comment.
Code Review
This pull request updates the documentation across README.md, docs/FAQ.md, and docs/TROUBLESHOOTING.md to explain the Windows SmartScreen warning that occurs because the executables are unsigned, providing instructions on how to bypass it and verify the files using SHA256 hashes. The review feedback suggests improving the PowerShell commands by using a wildcard pattern (Pixelpipe*.exe) so that the command works seamlessly for both the portable and setup versions of the application.
| You only have to do this once per downloaded file. If you want to verify the download is genuine first, the release ships a `SHA256SUMS.txt` — compare it against: | ||
|
|
||
| ```powershell | ||
| Get-FileHash .\Pixelpipe.exe -Algorithm SHA256 |
There was a problem hiding this comment.
Since Pixelpipe is distributed as both Pixelpipe.exe and Pixelpipe-Setup.exe, users who download the setup version will encounter a file-not-found error if they copy-paste this command directly. Using a wildcard pattern like Pixelpipe*.exe allows the command to work seamlessly for both the portable and setup executables.
| Get-FileHash .\Pixelpipe.exe -Algorithm SHA256 | |
| Get-FileHash .\Pixelpipe*.exe -Algorithm SHA256 |
| Want to verify the file is genuine first? Each release includes `SHA256SUMS.txt`; compare it with: | ||
|
|
||
| ```powershell | ||
| Get-FileHash .\Pixelpipe.exe -Algorithm SHA256 |
There was a problem hiding this comment.
Since Pixelpipe is distributed as both Pixelpipe.exe and Pixelpipe-Setup.exe, users who download the setup version will encounter a file-not-found error if they copy-paste this command directly. Using a wildcard pattern like Pixelpipe*.exe allows the command to work seamlessly for both the portable and setup executables.
| Get-FileHash .\Pixelpipe.exe -Algorithm SHA256 | |
| Get-FileHash .\Pixelpipe*.exe -Algorithm SHA256 |
| You only do this once per downloaded file. To confirm the download is genuine before running, compare it against the release's `SHA256SUMS.txt`: | ||
|
|
||
| ```powershell | ||
| Get-FileHash .\Pixelpipe.exe -Algorithm SHA256 |
There was a problem hiding this comment.
Since Pixelpipe is distributed as both Pixelpipe.exe and Pixelpipe-Setup.exe, users who download the setup version will encounter a file-not-found error if they copy-paste this command directly. Using a wildcard pattern like Pixelpipe*.exe allows the command to work seamlessly for both the portable and setup executables.
| Get-FileHash .\Pixelpipe.exe -Algorithm SHA256 | |
| Get-FileHash .\Pixelpipe*.exe -Algorithm SHA256 |
1 participant
Summary
For an unsigned app, the SmartScreen "Windows protected your PC / unrecognized app" prompt is the very first thing every new user hits. This documents it clearly and repeats it on every download / first-run surface so it can't be missed or mistaken for malware.
Each spot gives the fix (More info → Run anyway), explains why (unsigned — no paid code-signing cert), and points at
SHA256SUMS.txt+Get-FileHashfor anyone who wants to verify the download first.Surfaces covered
First run: Windows SmartScreen warningsubsection under Quick start, plus the existing Security-notes bullet upgraded from a vague aside to a clear, linked explanation.First run: SmartScreenblock added to both the versioned and rolling release-note templates, so every future GitHub release page carries it too.No code change, no CHANGELOG bump → no release cut. (The release-note template change applies to the next real release automatically.)
Test plan
build.ymlstill parses as valid YAML""-escaping verified to render literal quotes in the release notes🤖 Generated with Claude Code