← Back to context Comment by adzm 19 days ago Code signing certs are unfortunately expensive 10 comments adzm Reply 1una 19 days ago $0 at SignPath. Quite a few OSS projects use it. Chaosvex 16 days ago You don't even need a certificate to prevent update tampering like this. The updates could have shipped with an ECDSA signature and this wouldn't have happened. It's also free and doable in an afternoon. firesteelrain 19 days ago $700+ at Sectigo for two yearsSomething of Notepad++ size might think about it now abeyer 19 days ago "of Notepad++ size" is basically one guy in his free time, no? eviks 19 days ago "But look at those downloads, they magically print money" 1 reply → hjoutfbkfd 19 days ago the issue was not the money, but that it was difficult to get a certificate without having some sort of legal entity firesteelrain 19 days ago Certum.eu has this figured out.https://support.certum.eu/en/code-signing-required-documents...https://shop.certum.eu/open-source-code-signing-on-simplysig...$49 (EU) Gross Chaosvex 16 days ago It was negligence. You don't need a certificate to prevent update tampering. anonnon 18 days ago Delaware LLCs are "cheap," but you're still looking at $300-500 a year in fees.
Chaosvex 16 days ago You don't even need a certificate to prevent update tampering like this. The updates could have shipped with an ECDSA signature and this wouldn't have happened. It's also free and doable in an afternoon.
firesteelrain 19 days ago $700+ at Sectigo for two yearsSomething of Notepad++ size might think about it now abeyer 19 days ago "of Notepad++ size" is basically one guy in his free time, no? eviks 19 days ago "But look at those downloads, they magically print money" 1 reply → hjoutfbkfd 19 days ago the issue was not the money, but that it was difficult to get a certificate without having some sort of legal entity firesteelrain 19 days ago Certum.eu has this figured out.https://support.certum.eu/en/code-signing-required-documents...https://shop.certum.eu/open-source-code-signing-on-simplysig...$49 (EU) Gross Chaosvex 16 days ago It was negligence. You don't need a certificate to prevent update tampering. anonnon 18 days ago Delaware LLCs are "cheap," but you're still looking at $300-500 a year in fees.
abeyer 19 days ago "of Notepad++ size" is basically one guy in his free time, no? eviks 19 days ago "But look at those downloads, they magically print money" 1 reply →
hjoutfbkfd 19 days ago the issue was not the money, but that it was difficult to get a certificate without having some sort of legal entity firesteelrain 19 days ago Certum.eu has this figured out.https://support.certum.eu/en/code-signing-required-documents...https://shop.certum.eu/open-source-code-signing-on-simplysig...$49 (EU) Gross Chaosvex 16 days ago It was negligence. You don't need a certificate to prevent update tampering. anonnon 18 days ago Delaware LLCs are "cheap," but you're still looking at $300-500 a year in fees.
firesteelrain 19 days ago Certum.eu has this figured out.https://support.certum.eu/en/code-signing-required-documents...https://shop.certum.eu/open-source-code-signing-on-simplysig...$49 (EU) Gross
$0 at SignPath. Quite a few OSS projects use it.
You don't even need a certificate to prevent update tampering like this. The updates could have shipped with an ECDSA signature and this wouldn't have happened. It's also free and doable in an afternoon.
$700+ at Sectigo for two years
Something of Notepad++ size might think about it now
"of Notepad++ size" is basically one guy in his free time, no?
"But look at those downloads, they magically print money"
1 reply →
the issue was not the money, but that it was difficult to get a certificate without having some sort of legal entity
Certum.eu has this figured out.
https://support.certum.eu/en/code-signing-required-documents...
https://shop.certum.eu/open-source-code-signing-on-simplysig...
$49 (EU) Gross
It was negligence. You don't need a certificate to prevent update tampering.
Delaware LLCs are "cheap," but you're still looking at $300-500 a year in fees.