The current code signing paradigm was already tenuous but this change to DigiCert is going to cause far fewer packages to get signed as fewer devs acquire and renew the now very costly certs. We need working…
Until DNSSEC DANE TLSA is implemented in OSes, an interim solution that is easy and costs nothing is to publish binary hashes into a GitHub repository. It's not checked by UAC, but it is free and humans can check the…
The current code signing paradigm was already tenuous but this change to DigiCert is going to cause far fewer packages to get signed as fewer devs acquire and renew the now very costly certs. We need working…
Until DNSSEC DANE TLSA is implemented in OSes, an interim solution that is easy and costs nothing is to publish binary hashes into a GitHub repository. It's not checked by UAC, but it is free and humans can check the…