With code signing is still possible a software is malicious. There is nothing like code signing protects from malicious code. But the point is that code signing refer to the creator. App cannot be changed for other and That’s the point ! Why letsencrypt not offer a signing certificate based on domain? With the same authentication methods, will be possible know if a software come from the legitimit owner of mysoftware.com domain for example
1 Like