Security
Code Signing Policy
Last updated: June 25, 2026
The short version: Rest Hippo's Windows installers are Authenticode-signed by SignPath Foundation, which provides free code signing certificates to open-source projects. Because the certificate belongs to the Foundation, Windows shows the verified publisher as “SignPath Foundation” rather than Jason Figge — that's expected, and a sign the build came through the audited release pipeline.
Rest Hippo is a free, open-source (Apache-2.0) desktop API client built and maintained by Jason Figge. This page documents how its release binaries are code-signed, who signs them, and how you can verify a download you received is genuine.
1. What is signed
Every published Windows release — the NSIS installer (Rest-Hippo-Setup-<version>-<arch>.exe) and the portable executable, for both x64 and arm64 — is Authenticode-signed and timestamped. macOS builds are separately signed and notarized with an Apple Developer ID; Linux packages are not code-signed (Linux uses distribution-level trust instead).
2. Who signs it — SignPath Foundation
Windows signing is provided by SignPath Foundation, a non-profit that issues code signing certificates free of charge to qualifying open-source projects. Rest Hippo does not hold its own Authenticode certificate; the signature is applied with the Foundation's certificate through the SignPath.io signing service.
As a result, the verified publisher reported by Windows (in the User Account Control prompt and the file's Digital Signatures tab) is “SignPath Foundation”, not “Jason Figge” or “Rest Hippo”. This is the normal, expected behavior for Foundation-signed software and is itself a trust signal: it means the binary was produced and signed through the project's reviewed release process.
3. How signing works
Signing is integrated into the project's automated release pipeline and is never performed on a personal machine:
- Installers are built from a tagged commit by a GitHub Actions workflow running on GitHub-hosted runners, directly from the public source repository.
- The unsigned Windows executables are submitted to SignPath under a defined signing policy, where the request is reviewed and approved before a signature is applied.
- The signed binaries are returned to the pipeline, the auto-update manifest checksums are recomputed to match the signed files, and everything is attached to the corresponding GitHub Release.
4. Where to get genuine builds
Only download Rest Hippo from official sources: the resthippo.com downloads section (which links to GitHub) and the project's GitHub Releases. Binaries obtained anywhere else are not covered by this policy and should not be trusted.
5. Verifying a download
On Windows, right-click the downloaded .exe → Properties → Digital Signatures, and confirm the signature lists SignPath Foundation and validates as OK. You can also confirm the file matches the checksum published in the release's latest.yml.
If a build is unsigned, shows a different publisher, or fails signature validation, do not run it — please report it (see Contact).
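The same checks can be scripted so they are applied consistently before every install. The PowerShell below is an added example for this page, not a tool shipped by the Rest Hippo project: it validates the Authenticode signature, confirms the signer is the SignPath Foundation certificate rather than any other publisher, flags a missing timestamp, and compares the file's SHA-512 against the entry in latest.yml. The installer and manifest paths are placeholders, and the manifest parsing assumes the electron-builder layout (a "- url:" entry followed by a base64-encoded "sha512:" line), which is an assumption about the format of Rest Hippo's latest.yml, not something this page documents.

```powershell
# Added example (not part of Rest Hippo's own tooling): check an installer
# downloaded from the project's GitHub Releases before running it.
# Assumptions: both paths are placeholders supplied by the caller; latest.yml is
# assumed to follow the electron-builder layout (base64-encoded "sha512:" per
# file), which is an assumption about the manifest, not a documented fact.

param(
    [Parameter(Mandatory = $true)][string]$InstallerPath,   # e.g. .\Rest-Hippo-Setup-<version>-<arch>.exe
    [Parameter(Mandatory = $true)][string]$ManifestPath,    # latest.yml from the same GitHub Release
    [string]$ExpectedPublisher = 'SignPath Foundation'
)

function Test-RestHippoInstaller {
    param([string]$Path, [string]$Manifest, [string]$Publisher)

    $ok = $true

    # 1. Authenticode: the signature must validate and chain to a trusted root.
    $sig = Get-AuthenticodeSignature -FilePath $Path
    if ($sig.Status -ne 'Valid') {
        Write-Warning "Signature status is '$($sig.Status)' ($($sig.StatusMessage)); do not run this file."
        $ok = $false
    }

    # 2. Publisher: the signer must be the SignPath Foundation certificate,
    #    not 'Jason Figge', 'Rest Hippo', or any other name.
    $subject = $sig.SignerCertificate.Subject
    if (-not $subject -or $subject -notmatch [regex]::Escape($Publisher)) {
        Write-Warning "Unexpected publisher: '$subject' (expected '$Publisher')."
        $ok = $false
    }

    # 3. Timestamp: a countersignature keeps the signature valid after the
    #    signing certificate expires, so its absence is worth flagging.
    if (-not $sig.TimeStamperCertificate) {
        Write-Warning 'Signature is not timestamped.'
    }

    # 4. Checksum: compare the file's SHA-512 with the value listed in latest.yml.
    $fileName = [System.IO.Path]::GetFileName($Path)
    $manifestText = Get-Content -Path $Manifest -Raw
    # Locate the "- url: <fileName>" entry and the sha512 line that follows it
    # (assumed electron-builder layout).
    $pattern = "(?ms)-\s+url:\s*$([regex]::Escape($fileName))\s*\r?\n\s*sha512:\s*(\S+)"
    $m = [regex]::Match($manifestText, $pattern)
    if (-not $m.Success) {
        Write-Warning "No entry for '$fileName' found in $Manifest."
        $ok = $false
    } else {
        $expectedB64 = $m.Groups[1].Value
        # Get-FileHash returns hex; the manifest stores base64, so convert.
        $hashHex = (Get-FileHash -Path $Path -Algorithm SHA512).Hash
        $hashBytes = [byte[]]::new($hashHex.Length / 2)
        for ($i = 0; $i -lt $hashBytes.Length; $i++) {
            $hashBytes[$i] = [Convert]::ToByte($hashHex.Substring(2 * $i, 2), 16)
        }
        $actualB64 = [Convert]::ToBase64String($hashBytes)
        if ($actualB64 -ne $expectedB64) {
            Write-Warning 'SHA-512 does not match the value in latest.yml.'
            $ok = $false
        }
    }

    return $ok
}

if (Test-RestHippoInstaller -Path $InstallerPath -Manifest $ManifestPath -Publisher $ExpectedPublisher) {
    Write-Host "OK: '$InstallerPath' is signed by '$ExpectedPublisher' and matches latest.yml."
} else {
    Write-Host 'FAILED: do not run this file; report it to the project.'
}
```

Run it as `.\Verify-RestHippo.ps1 -InstallerPath .\Rest-Hippo-Setup-<version>-<arch>.exe -ManifestPath .\latest.yml`. The publisher check matters as much as the Valid status: a file can carry a perfectly valid signature from some other certificate, and this policy says only a SignPath Foundation signature indicates the build came through the audited release pipeline.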
6. Reporting a problem
If you find a binary that claims to be Rest Hippo but is unsigned, signed by an unexpected publisher, or otherwise suspicious, email resthippo411@gmail.com or open an issue on GitHub. Because the project is open source, the entire build and signing configuration is public and auditable in the repository.