Releases should be signed. #31
Comments
I may or may not end up signing these. I currently don't have a developer account and it feels a little silly to sign up for one just for this. We'll see. Thanks for filing this though!
Yeah, I get that. This app asks for pretty sensitive information from a user and there is no guarantee that what's on the release page is what is represented in code. If they aren't signed, maybe think about not offering binary releases and require builds from source.
Well, even if I developer-signed the build you couldn't be sure that I built it from the commits on master. You may know that it's built by me, but you'd be in the same place 😄. And since it wouldn't be going through the MAS there realistically wouldn't be any accountability for it either.
FWIW I would obviously sign this if I had an account. I do see the value in it, if not for anything but the friction that macOS has for running unsigned apps.
Yup, but say something nefarious happened: Apple could revoke the cert, which would prevent installs/execution on Macs running Gatekeeper.
Additionally, someone with control of your GitHub account can't compile a trustworthy binary and distribute it in your name. Having said that, I agree that it doesn't make sense for now to have a dev account for it, and anyone can clone the repo and compile it.
An annoying side effect is having to deal with the keychain stuff whenever you download a new build. If the build is signed, it can access the keychain across builds, as far as I understand it. Maybe it would be worth trying to get a company to sponsor a developer account for this project? $100/year is pretty low, and they'd presumably get a sponsorship plug on the readme.
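The Gatekeeper and signing points raised above can be checked locally before launching a downloaded build. This is an added example, not code from this project: it classifies the output of Apple's `codesign` and `spctl` tools and, on a Mac, runs both against a bundle (the path `./Release.app` is a placeholder).

```shell
#!/bin/sh
# Added example (not the project's code). Classifies codesign/spctl output so a
# user can tell an unsigned download from a signed one whose Developer ID chain
# Gatekeeper accepts. Bundle path is a placeholder, e.g. ./Release.app.

# Classify what `codesign --verify --verbose=2` prints (stderr).
# Returns: unsigned, valid, or invalid (signed but tampered/incomplete).
classify_codesign() {
  case "$1" in
    *"code object is not signed at all"*) echo unsigned ;;
    *"valid on disk"*"satisfies its Designated Requirement"*) echo valid ;;
    *) echo invalid ;;
  esac
}

# Classify `spctl --assess --type execute` output: accepted or rejected.
# "rejected" covers both unsigned apps and apps whose cert Apple revoked.
classify_spctl() {
  case "$1" in
    *": accepted"*) echo accepted ;;
    *) echo rejected ;;
  esac
}

# Run both checks on a bundle. Returns 0 only when the signature verifies
# AND Gatekeeper would allow execution. Prints the Authority chain so the
# user can compare the signing identity with what the maintainer publishes.
check_app() {
  app="$1"
  if ! command -v codesign >/dev/null 2>&1; then
    echo "codesign not available (not macOS?)" >&2
    return 2
  fi
  cs_out=$(codesign --verify --deep --strict --verbose=2 "$app" 2>&1 || true)
  sp_out=$(spctl --assess --type execute --verbose=4 "$app" 2>&1 || true)
  cs=$(classify_codesign "$cs_out")
  sp=$(classify_spctl "$sp_out")
  echo "codesign:   $cs"
  echo "gatekeeper: $sp"
  if [ "$cs" != unsigned ]; then
    codesign -dvv "$app" 2>&1 | grep '^Authority=' || true
  fi
  [ "$cs" = valid ] && [ "$sp" = accepted ]
}

# Usage: sh check_app.sh ./Release.app
if [ -n "${1:-}" ]; then
  check_app "$1"
fi
```

A build that classifies as `unsigned` is exactly the situation the thread describes: nothing ties the binary to a developer identity, and revocation offers no protection.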
+1
Downloaded the release but discovered that it isn't signed.