by 0xbadcafebee 1860 days ago
Signing needs to be mandatory. By becoming the middle-man for packaging and shipping software, you have painted a giant target on your back for state-sponsored hackers and cyber criminals.

Your whole service could end up being one giant backdoor for every application that uses it, putting millions, even billions, of people at risk. Imagine hospitals using software from your system that was never signed. Nuclear facilities, oil pipelines, water treatment plants. If you think 'nobody would be that stupid to use unsigned software there', think again. Some organizations would probably ban the use of apps packaged by your service if it wasn't clear that they had been signed by the authors.

If you make the process seamless enough, people will be fine with signing their builds. And there are plenty of examples of supply chain attacks you can wave around for encouragement. You can even promote this as a core reason to use your service, as you can make it easy for them to securely distribute their software.


Yeah, to be honest I just wanted to get this out ASAP to see what people’s reaction would be. Currently that means it only serves direct downloads from https://github.com .

Currently the roadmap looks like:

Add macOS/Linux support with full signing on macOS and Windows. Add hosted binaries and private repos. Add cryptographic signatures both on the developer side and on our side. These are obviously not enough for total opsec, but should mitigate common attack vectors.

But as you said, the intention is to make the process as seamless as possible; that takes some design time, though.
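The roadmap item above, "cryptographic signatures both on the developer side and on our side", in working form, as an added example that is not code from the service or from either commenter: a download is accepted only if its SHA-256 digest matches an attestation carrying two detached Ed25519 signatures over that digest, one from the developer's key and one from the packaging service's key. A compromise of the service alone then cannot produce a package that verifies, because the developer signature is missing. The key generation, the artifact bytes and the Attestation layout are constructed assumptions for the demonstration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Attestation is a constructed format: the digest of the artifact plus two
// detached signatures over that digest, one per party in the chain.
type Attestation struct {
	Digest     [32]byte
	DevSig     []byte // produced by the developer's private key
	ServiceSig []byte // produced by the packaging service's private key
}

// Errors are distinct so a client can tell which check failed.
var (
	ErrDigestMismatch = errors.New("artifact digest does not match attestation")
	ErrDevSig         = errors.New("developer signature invalid")
	ErrServiceSig     = errors.New("packaging service signature invalid")
)

// digest binds the attestation to the exact artifact bytes.
func digest(artifact []byte) [32]byte {
	return sha256.Sum256(artifact)
}

// SignArtifact is run in two places in practice: the developer signs at build
// time and the service co-signs at publish time. Both are done here in one call
// only to keep the example self-contained.
func SignArtifact(artifact []byte, devPriv, svcPriv ed25519.PrivateKey) Attestation {
	d := digest(artifact)
	return Attestation{
		Digest:     d,
		DevSig:     ed25519.Sign(devPriv, d[:]),
		ServiceSig: ed25519.Sign(svcPriv, d[:]),
	}
}

// VerifyArtifact is what the downloading client runs. It needs both trusted
// public keys; the attestation and the artifact are the untrusted inputs.
func VerifyArtifact(artifact []byte, att Attestation, devPub, svcPub ed25519.PublicKey) error {
	// Recompute rather than trust the digest carried in the attestation.
	if digest(artifact) != att.Digest {
		return ErrDigestMismatch
	}
	if !ed25519.Verify(devPub, att.Digest[:], att.DevSig) {
		return ErrDevSig
	}
	if !ed25519.Verify(svcPub, att.Digest[:], att.ServiceSig) {
		return ErrServiceSig
	}
	return nil
}

func main() {
	// Constructed keys; real ones would live in the developer's CI secrets and
	// the service's signing infrastructure respectively.
	devPub, devPriv, _ := ed25519.GenerateKey(rand.Reader)
	svcPub, svcPriv, _ := ed25519.GenerateKey(rand.Reader)

	artifact := []byte("constructed release artifact bytes") // stands in for a binary
	att := SignArtifact(artifact, devPriv, svcPriv)
	fmt.Println("genuine artifact:", VerifyArtifact(artifact, att, devPub, svcPub))

	// Simulate a package altered after signing: the digest check fails first.
	tampered := append([]byte{}, artifact...)
	tampered[0] ^= 0x01
	fmt.Println("tampered artifact:", VerifyArtifact(tampered, att, devPub, svcPub))

	// Simulate a service that re-signs with a key the client does not trust.
	rogueSvcPub, rogueSvcPriv, _ := ed25519.GenerateKey(rand.Reader)
	rogue := SignArtifact(tampered, devPriv, rogueSvcPriv)
	fmt.Println("rogue service key:", VerifyArtifact(tampered, rogue, devPub, rogueSvcPub))
	_ = svcPub
}
```

The ordering of the checks matters for the "one giant backdoor" scenario in the first comment: the client recomputes the digest itself instead of trusting the one in the attestation, and a package that the service signed but the developer did not is rejected at the developer-signature step regardless of what the service asserts.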