charlie-83 2 hours ago
You could always just build it yourself from source if you are concerned.
cruffle_duffle 2 hours ago
Sure, but most people aren’t going to do that. It automatically limits the audience willing to use the software. This isn’t an easy problem! I’d argue signed binaries are good for everybody… They are good for the end user because it provides some assurance the thing hasn’t been tampered with and provides at least some form of audit history. It’s good for the developers too! It ensures that users are running the binaries the dev intended them to run! It’s good for the platform maker as it reduces the attack surface… The problem is… getting the keys to sign binaries requires getting a private key! And not just any key but one that’s been blessed somehow by something that all parties can trust. And trust isn’t a technical problem but a meatspace human one. Apple solves it by requiring the dev to cough up 100USD and probably some other personal information. I have no idea how Ubuntu does it or Microsoft… But something, somewhere has to bless that signing key.