
I've just edited my comment to make this clearer. Doing code signing with signify or pgp gives you a way to verify the binary you downloaded is actually the file the developer built on their laptop, even if the webserver is compromised. Linux ISOs are very commonly distributed that way. I agree that it's extremely uncommon for Windows users to verify this though.

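The verification flow the comment above describes, as an added example that is not part of the original thread: it models the signify/pgp pattern (a detached signature over a SHA256SUMS-style manifest, checked against a public key the user pinned out-of-band) with Go's standard-library Ed25519 rather than the signify or gpg binaries themselves. Key pair, file name and file contents are constructed for the demo.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"strings"
)

// Manifest is a SHA256SUMS-style "hash  filename" list plus a detached
// signature over the whole list (the signify/pgp pattern).
type Manifest struct{ Text, Sig []byte }

// sign runs on the developer's laptop: hash each release file, write the
// manifest, and sign the manifest with the long-lived release key.
func sign(priv ed25519.PrivateKey, files map[string][]byte) Manifest {
	var sb strings.Builder
	for name, data := range files { // map order is random; irrelevant here
		sum := sha256.Sum256(data)
		fmt.Fprintf(&sb, "%s  %s\n", hex.EncodeToString(sum[:]), name)
	}
	text := []byte(sb.String())
	return Manifest{Text: text, Sig: ed25519.Sign(priv, text)}
}

// verify runs on the downloader's machine with a pinned public key, so a
// compromised webserver swapping binary, manifest or signature is rejected.
func verify(pub ed25519.PublicKey, m Manifest, name string, data []byte) error {
	if !ed25519.Verify(pub, m.Text, m.Sig) {
		return fmt.Errorf("manifest signature invalid; trust none of its hashes")
	}
	sum := sha256.Sum256(data)
	want := hex.EncodeToString(sum[:]) + "  " + name
	for _, line := range strings.Split(strings.TrimSpace(string(m.Text)), "\n") {
		if line == want {
			return nil
		}
	}
	return fmt.Errorf("%s: hash not in signed manifest (modified or replaced)", name)
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader) // constructed demo key pair
	files := map[string][]byte{"tool.exe": []byte("constructed release bytes")}
	m := sign(priv, files)
	fmt.Println("genuine:", verify(pub, m, "tool.exe", files["tool.exe"]))
	fmt.Println("tampered:", verify(pub, m, "tool.exe", []byte("trojaned bytes")))
}
```

The check that matters is the order: the manifest signature is verified first, and only then are any hashes in it trusted.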

Windows does not care about non-Windows-recognized signatures.

So this works fine for users who care about gpg verification, but fails the “Windows doesn’t prompt me about insecure stuff” test.


Presumably the user who understands how GPG signing works also doesn't care what Windows thinks.



