|
|
|
|
|
|
by cruffle_duffle
202 days ago
|
|
|
Sure but most people aren’t going to do that. It automatically limits the audience willing to use the software. This isn’t an easy problem! I’d argue signed binaries are good for everybody… They are good for the end user because it provides some assurance the thing hasn’t been tampered with and provides at least some form of audit history. It’s good for the developers too! It ensures that users are running the binaries the dev intended them to run! It’s good for the platform maker as it reduces the attack surface… The problem is… getting the keys to sign binaries requires getting a private key! And not just any key but one that been blessed somehow by something that all parties can trust. And trust isn’t a technical problem but a meatspace human some. Apple solves it by requiring the dev to cough up 100USD and probably some other personal information. I have no idea how Ubuntu does it or Microsoft…. But something, somewhere has to bless that signing key. |
|
|
Edit: Apparently Brew doesn't sign stuff because they don't trust the code they are being asked to sign. Apparently you can just get brew to build the package locally with `brew install --build-from-source librewolf` though which is useful.
On windows you just need a certificate from a known authority. This will still probably cost you money but you have a lot more options at different price levels. Also that certificate is a widely useful thing rather than an apple dev account which is only useful in the apple walled garden.