PACKRELAY.cloud

Why Windows shows a warning

PackRelay is a new project, and the Windows launcher installer isn't yet code-signed with a paid publisher certificate. This page explains what you'll see, how to verify the binary, and what we're doing about it.

What you'll see

When you run the installer for the first time, Windows SmartScreen may show a blue dialog labeled “Windows protected your PC” with text noting that the publisher is “unknown.” This is the standard reaction to any installer Microsoft hasn't yet seen widely or hasn't accepted a signature for — it's not a virus detection, and it's not specific to PackRelay.

The warning will go away as our installer accumulates reputation across Microsoft's Defender SmartScreen telemetry, and permanently once we ship a code-signed release (see below).

How to verify the binary

Every PackRelay launcher binary is built by GitHub Actions directly from the public source repository. You don't have to trust us — you can verify the installer matches what was built, independently:

  1. Compare the SHA-256 hash. The /download page shows the SHA-256 of every binary. After downloading, run Get-FileHash <installer>.exe -Algorithm SHA256 in PowerShell. The hashes must match. If they don't — do not run the installer; tell us at support.
  2. Cross-check against GitHub. The same hash appears on the release page on GitHub. The release page is the source of truth — if the hash on /download matches the hash on the release page, and the hash you computed in step 1 matches both, the binary you downloaded is the one our build pipeline produced.
  3. Inspect the source. Every line of the launcher is public at github.com/AdaInTheLab/packrelay-launcher, including the GitHub Actions workflow that builds the installers. The commit hash that produced any given release is in the release notes.
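
Steps 1 and 2 can be done in a single check. The PowerShell below is an added example, not part of the PackRelay project: the function name Test-InstallerHash, its parameters and the demo file are assumptions made for illustration. It cleans up the two hashes you paste in, rejects anything that is not a 64-character SHA-256 hex digest, and reports the file as safe only when the computed hash, the /download hash and the GitHub release hash all agree.

```powershell
# Added example: Test-InstallerHash and its parameter names are hypothetical.
function Test-InstallerHash {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Path,              # downloaded installer
        [Parameter(Mandatory)] [string] $DownloadPageHash,  # pasted from /download
        [Parameter(Mandatory)] [string] $ReleasePageHash    # pasted from the GitHub release page
    )

    # Normalise pasted values: drop whitespace, upper-case, require 64 hex characters.
    $published = foreach ($h in $DownloadPageHash, $ReleasePageHash) {
        $clean = ($h -replace '\s', '').ToUpperInvariant()
        if ($clean -notmatch '^[0-9A-F]{64}$') {
            throw "Not a SHA-256 hex digest: '$h'"
        }
        $clean
    }

    # Hash the file on disk (step 1 of the procedure above).
    $actual = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash

    $matchesDownload = $actual -eq $published[0]
    $matchesRelease  = $actual -eq $published[1]
    $publishedAgree  = $published[0] -eq $published[1]

    [pscustomobject]@{
        File            = (Resolve-Path -LiteralPath $Path).Path
        Actual          = $actual
        MatchesDownload = $matchesDownload
        MatchesRelease  = $matchesRelease
        PublishedAgree  = $publishedAgree
        SafeToRun       = $matchesDownload -and $matchesRelease -and $publishedAgree
    }
}

# Constructed demo: a stand-in file, not a real PackRelay installer or a real published hash.
$demo = Join-Path $env:TEMP 'packrelay-demo.bin'
[IO.File]::WriteAllBytes($demo, [byte[]](1..32))
$good = (Get-FileHash -LiteralPath $demo -Algorithm SHA256).Hash

# Same file, with the "published" values pasted in different case and with stray spaces.
Test-InstallerHash -Path $demo -DownloadPageHash $good.ToLower() -ReleasePageHash " $good "

# Simulate a modified download: the file changes, the published hashes do not.
[IO.File]::AppendAllText($demo, 'x')
$check = Test-InstallerHash -Path $demo -DownloadPageHash $good -ReleasePageHash $good
if (-not $check.SafeToRun) { Write-Warning 'Hash mismatch: do not run the installer.' }
```

For a real download, pass the installer's path and the two hashes copied by hand from /download and from the GitHub release page.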

What we're doing about it

  • Code-signing. We're onboarding to a publisher code-signing certificate. Once signed, SmartScreen will treat new launcher releases as coming from a trusted publisher after the normal Microsoft reputation warm-up period.
  • Update signatures. The launcher already verifies its own auto-updates against an Ed25519 signing key — that signature accompanies every binary on /download and can be inspected directly. Tampered or modified binaries fail this signature check.
  • Reputation submission. Once code-signed builds are out, we'll submit the installer to Microsoft's clean-file list to accelerate the SmartScreen reputation buildup.

Not comfortable proceeding?

That's a reasonable instinct, and we'd rather you wait than run something you're unsure about. Watch for the code-signed release on our news page or via Discord, or build the launcher from source if you'd prefer.

Last updated: 2026-05-18. Questions or issues with verification? Reach out.