by herecomesthepre 64 days ago
Windows has this thing called digital signing with certificates that Linux users like to pretend doesn't exist or, in the case of yesterday's WireGuard / VeraCrypt discussion, think it's an evil capitalist scheme to control the world.

Digital signing on Windows predates Mac developer certificates by years but arguably wasn't widely used outside of security-paranoid organizations.

Before someone says Linux offers GPG signing it's mostly useless without a central PKI. Developers offer the public key for download on the same server as the software. If someone uploaded compromised software, surely they would replace the key with their own.

3 comments

Linux package managers (the normal way to install software) use signed packages.

I don't know how easy/hard it would be to compromise that.

> Before someone says Linux offers GPG signing it's mostly useless without a central PKI

One could also argue that GPG signing is useful exactly because it doesn't rely on a central PKI.

It's as useful as self-signed certificates.

> Windows has this thing called digital signing with certificates that Linux users like to pretend doesn't exist

...or, much more likely, any potential benefits are not worth the negatives.