Windows has this thing called digital signing with certificates that Linux users like to pretend doesn't exist or in the case of yesterday's Wireguard / VeraCrypt discussion, think it's an evil capitalist scheme to control the world.

Digital signing on Windows predates Mac developer certificates by years but arguably wasn't widely used outside of security-paranoid organizations.

Before someone says Linux offers GPG signing it's mostly useless without a central PKI. Developers offer the public key for download on the same server as the software. If someone uploaded compromised software, surely they would replace the key with their own.

Linux package managers (the normal way to install software) use signed packages.

I don't know how easy/hard it would be to compromise that.

> Windows has this thing called digital signing with certificates that Linux users like to pretend doesn't exist

...or, much more likely, any potential benefits are not worth the negatives.