Fabulously-Optimized / installer

MIT License

Consider signing #29

Open Madis0 opened 5 months ago

Madis0 commented 5 months ago

Maybe it is worth it to use this, have to consider https://about.signpath.io/product/open-source. Ideally it'd support all OSes then, not just Windows.

vgskye commented 5 months ago

Linux... doesn't have signing in the slightest, and I don't think SignPath provides macOS; you need the $99/yr Apple Developer Program for that, I think.

Madis0 commented 5 months ago

There's also https://www.sigstore.dev/, which is potentially better because of big names backing it up (some previous attempts did become paid, presumably due to lack of funding).

vgskye commented 5 months ago

I don't think sigstore is recognized by any real entity as a code signing cert?

Madis0 commented 5 months ago

In that case, I guess sigstore is for code signing (which we don't necessarily need for this project) while SignPath is for binary signing.

vgskye commented 5 months ago

I think sigstore is more for docker containers and such and making sure the software wasn't tampered with on the way through rather than "can this be reasonably considered virus-free"

vgskye commented 1 month ago

Fabulously-Optimized/fabulously-optimized#849 needs to be merged and verification integrated in here to meet SignPath Foundation reqs.

Madis0 commented 1 month ago

Need to fulfill these criteria as well: https://github.com/SignPath/Website-old/blob/v2/src/drafts/oss_policy.md