
Yes, many developers sign, and then fail to offer a secure way of verifying that the signature belongs to them.

But it's still better than nothing; I'm sure they would offer unsigned HTTP downloads if Apple didn't force them to get their shit together.




If the burden for authentication is on the developers anyway, then code-signing shouldn't require a 99€/year subscription. 99€ is a sum that doesn't help Apple, doesn't hinder criminals, but causes headaches for open-source projects and casual developers.


Yeah, Apple could do a better job authenticating public companies, by publishing the company name, address, etc. associated with a certificate.

This would solve most of my complaints.



