[naikrovek]

Sign the powershell script. It’s not that large of a hurdle to get a code signing cert, though it certainly isn’t trivial.

[lll-o-lll]

Code signing certs must have the key HSM’d these days. It’s a big hurdle.

[gloosx]

You have to go through a humilating process to get it as well as pay few hundred $$$ to one of MS street vendors.

[naikrovek]

you have to prove who you are, yes. I don't know what you mean in the 2nd half of the sentence.

[gloosx]

lemme explain quickly: you have to prove a lot of different things on paper, not just who you are; in reality this is just a money-milking side-hustle business for Microsoft. The process I had to go through had many different steps but in the end it all just relied on a blind trust between me and vetting team from the first step.

[naikrovek]

lemme respond quickly: code signing certs are in use by many more than just microsoft. if i want a code signing cert from digicert, microsoft doesn't get any money, digicert does. i can use it for more than just powershell scripts, of course, i can sign anything. they are useful things to have. getting them is a pain in the ass, yes, but it's supposed to be. they want to filter out identity impersonators and do everything they can to issue a cert to a person that is who they say they are. that's the whole point of the cert, so that's why you must show all of that proof.