Consider signing #29
Comments
|
Linux... doesn't have signing in the slightest and I don't think signpath provides macOS, you need the 99$/yr apple developer program for that I think |
|
There's also https://www.sigstore.dev/, which is potentially better because of big names backing it up (some previous attempts did become paid, presumably due to lack of funding). |
|
I don't think sigstore is recognized by any real entity as a code signing cert? |
|
In that case, I guess sigstore is for code signing (which we don't necessarily need for this project) while SignPath is for binary signing. |
|
I think sigstore is more for docker containers and such and making sure the software wasn't tampered with on the way through rather than "can this be reasonably considered virus-free" |
|
Fabulously-Optimized/fabulously-optimized#849 needs to be merged and verification integrated in here to meet Signpath Foundation reqs |
|
Need to fulfill these criteria as well https://github.com/SignPath/Website-old/blob/v2/src/drafts/oss_policy.md |
Maybe it is worth it to use this, have to consider
https://about.signpath.io/product/open-source
Ideally it'd support all OSes then, not just Windows
The text was updated successfully, but these errors were encountered: