|
|
|
|
|
|
by CGamesPlay
213 days ago
|
|
|
Yeah, makes sense Homebrew doesn't sign everything with their own certs. I was suggesting that Homebrew could run codesign locally with the user's local certificate as part of the install process. > The bad actors would flood homebrew with malicious binaries, which homebrew would auto-sign, users would download & run, and the bad actors would laugh all the way to the bank. Every software distributor has this problem, code-signed or not. This is either already happening to Homebrew (and not using code signing) or there's some other reason that it isn't happening. |
|
|