thrownhwn

Anybody know if they has code-signed their Windows and macOS binaries with 2.0?

It's a shame so many "core" developer tools are not code-signed. It makes life hard in companies where binary whitelisting is used.

korzun

> It makes life hard in companies where binary whitelisting is used.

The application would still have to be audited, signed or not, prior to whitelisting.

sslalready
In practise it's much easier to just trust well-known developers by whitelisting their code-signing certificates.

You could still get owned, of course, but the benefit here is that you're excluding everything not explicitly whitelisted, including drive-by downloads, crap on portable devices or random programs downloaded off the internet that someone thinks will solve their problem of the day.

When people do not code-sign their software every software update is painful. At work, where we run https://github.com/google/santa, it frequently happens that companies with code-signed software forget to code-sign their auto-updater, or random binaries that run during installation. Most of the time the application crashes/hang during the update (because some piece weren't allowed to run), only to remind to you update the software again when you restart the application.