It's a huge ask, but i'm hoping they'll implement code-signing certs some day, even if they charge for it. It would be nice if appstores then accepted those certs instead of directly requiring developer verification.

▲

duskwuff 10 hours ago | parent | next [-]

1) For better or worse, code signing certificates are expected to come with some degree of organizational verification. No one would trust a domain-validated code signing cert, especially not one which was issued with no human involvement.

2) App stores review apps because they want to verify functionality and compliance with rules, not just as a box-checking exercise. A code signing cert provides no assurances in that regard.

▲

notepad0x90 8 hours ago | parent [-]

They can just do id verification instead of domain, either in-house or outsource it.

app store review isn't what I was talking about, I meant not having to verify your identity with the appstore, and use your own signing cert which can be used between platforms. Moreover, it would be less costly to develop signed windows apps. It costs several hundred dollars today.

	▲	briHass 2 hours ago \| parent [-]
		Azure has a service ('Artifact Signing') which is $10/month for signing Windows executables (not Windows Store apps, which don't need it.) That's pretty reasonable, considering it is built in to all the major code signing tools on Windows, they perform the identity verification, and the private keys are fully managed by Azure. Code signing certs are required to be on HSMs, so you're most likely going to be paying some cloud CA anyway.

▲

cpach 8 hours ago | parent | prev [-]

Would be cool. But since they’re a non-profit, they would need some way to make it scalable.

	▲	notepad0x90 8 hours ago \| parent [-]
		I see no problem with outsourcing id verification to a trusted partner. Or they could verify payment by charging you $1 to verify you control the payment card, and combine that with address verification by paper-mailing a verification code.