Open JPHutchins opened 1 month ago
nickbeth
commented
2 weeks ago Not sure what's required on my side, but I'd definitely rule out any paid option. I also don't think this project would qualify for free signing as OSS because of how small it is.
JPHutchins
commented
1 week ago I've used cosign, it's simple enough: https://github.com/sigstore/cosign. I'll continue to investigate free options for MS Store and maybe email MS about it. I do pay, and I'm probably willing to sign it, but the publisher would be "JP Hutchins".
Presently I am testing out Azure Code Signing Trusted Code Signing (whatever they are calling it 🤷♀️). And yeah I'm paying $10 a month.
WSL-USB-GUI is using signpath.io, and I thought I read somewhere that they were providing some free signing for qualifying OSS? https://gitlab.com/alelec/wsl-usb-gui/-/blob/main/.gitlab-ci.yml?ref_type=heads#L57
To be clear, Microsoft should 100% sign this package for free! But it's unclear whether or not there's infrastructure in place for that.
At any rate, it's a requirement for winget / microsoft store, so here we are.
This feature belongs to the milestone "winget / microsoft store".