最近,我发现许多软件商店(例如微软软件商店)在上架软件时都要求这个软件有合法的软件签名证书,而商业软件签名证书对个人开发者来说是十分贵的,一年可能需要数千人民币,所以我提议ISRG组织可以推出针对于开源软件开发者的免费软件签名证书,以帮助他们将免费、开源的软件传播到更远的地方,而不必受到费用的限制,也更能够激励他们开发、优化更多的开源软件。我知道推出免费的软件签名证书可能是一件困难的事情,并且审核可能非常麻烦且不可控,但是我还是请求ISRG组织推出免费软件签名证书。
Translation into English:
Recently, I've noticed that many software stores (such as the Microsoft Store) require software to have a valid software signing certificate before being listed. Commercial software signing certificates are very expensive for individual developers, potentially costing thousands of RMB per year. Therefore, I propose that the ISRG organization offer free software signing certificates for open-source software developers. This would help them distribute their free, open-source software more widely without being limited by costs, and would also encourage them to develop and optimize more open-source software. I understand that providing free software signing certificates might be difficult, and the verification process could be complicated and unpredictable, but I still request that the ISRG organization consider offering free software signing certificates.
2 Likes
Currently code signing certificates require validating someone's identity (Latest Code Signing Baseline Requirements | CA/Browser Forum) and so it requires manual verification, something Let's Encrypt can't currently do.
In order for Let's Encrypt (or some other free CA) to issue code signing certificates, changes to the CA/Browser Forum's code signing requirements would need to be made.
7 Likes