Hacker News new | past | comments | ask | show | jobs | submit login

You are basically describing what Windows has as appx/msix. The decentrialized notarization authorities are the code signing certificate providers.



I had not seen this, but it absolutely does (on the surface) seem like a solution to this problem. Thanks!

I’d need to educate myself a bit more in terms of whether there are third-party authorities beyond Microsoft for the packages.

Found this introductory video for anyone else interested:

https://www.youtube.com/watch?v=phrD081sMWc

Note: I didn’t intend the Surface pun above, but it happened and we can all be glad that it did.


Yes there are a few certificate authorities. For example DigiCert, SSL.com and others. You can also create your own e.g. for enterprise deployments. Or you could even set up a public CA if you wanted to, the process is standardized.

So whilst Microsoft will sign for you if you distribute via their store, otherwise you pay per year for certificates and can distribute outside the store.

There are problems with the system (cost, bugs, usability problems) but it is decentralized.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: