Install
About Windows warnings.
If you're installing a Stamme app on Windows, you might see a security warning. Here's exactly what's happening, why, and what to do.
What you might see
When you run the installer, Windows will show a blue screen titled "Windows protected your PC" with a "Don't run" button. The publisher will read Unknown publisher.
To install: click "More info", then "Run anyway". That's the whole thing.
Why it happens
Windows uses a system called SmartScreen to flag installers that aren't signed with a code-signing certificate. Stamme installers aren't signed yet, so Windows can't display a publisher name and treats it as unknown.
Why it isn't signed yet
Code-signing certificates for Windows used to be a simple download. Since June 2023, the rules changed — every cert now requires a hardware security token (a physical USB device) and identity verification that can take weeks. Even then, the warning doesn't go away immediately unless you pay for the most expensive tier (EV, $300–500 per year).
Stamme is one person making small, finished tools. Right now that cost, process, and hardware-token overhead doesn't make sense for the catalog size. I'd rather be upfront about it than charge a premium to cover a certificate.
I'll revisit this when the math works.
How you know it's safe
Honestly: you don't, from the installer alone. That's the trust problem the warning is pointing at, and it applies to any unsigned installer from anyone.
What I can offer: installers are hosted on a signed, short-lived download link generated by Stripe and Cloudflare only after your purchase is verified. Nothing is hot-linked from a random mirror.
Verify your download
Two ways, both free:
1. VirusTotal scan. Upload the installer to VirusTotal — it runs the file against dozens of antivirus engines and shows the results. Unsigned installers from small publishers sometimes get a heuristic flag or two; what matters is whether established engines (Kaspersky, BitDefender, ESET, Microsoft) are clean.
2. SHA256 checksum. Each release page lists the SHA256 hash of every installer. You can compute the same hash on your machine and compare — if they match, the file wasn't tampered with in transit.
On Windows PowerShell:
Get-FileHash .\HAVEN_1.0.0_x64_en-US.msi -Algorithm SHA256
On Linux/macOS:
sha256sum HAVEN_1.0.0_amd64.deb
If anything ever feels off, don't run it. Email me.
On macOS and Linux
Linux: no warnings. Just install the
.deb or run the .AppImage.
macOS: not currently supported. Apple's developer certification has a recurring cost I can't justify yet for a small catalog. I'll add it when the math works.
— Stamme