Why exactly do we need signing authorities? Software isn’t zero trust like websites. You do need to trust the developer - even a legitimate one. Signing apps with verified developer keys will only hurt small independent developers, open source projects and freedom enabling stuff like user patching.
It only works to solidify monopolies and doesn’t protect you against shit.
Why exactly do we need signing authorities? Software isn’t zero trust like websites. You do need to trust the developer - even a legitimate one. Signing apps with verified developer keys will only hurt small independent developers, open source projects and freedom enabling stuff like user patching.
It only works to solidify monopolies and doesn’t protect you against shit.