Comment by adzm, 20 days ago
Code signing certs are unfortunately expensive

1una, 20 days ago
$0 at SignPath. Quite a few OSS projects use it.

Chaosvex, 17 days ago
You don't even need a certificate to prevent update tampering like this. The updates could have shipped with an ECDSA signature and this wouldn't have happened. It's also free and doable in an afternoon.

firesteelrain, 20 days ago
$700+ at Sectigo for two years
Something of Notepad++ size might think about it now

abeyer, 20 days ago
"of Notepad++ size" is basically one guy in his free time, no?

eviks, 20 days ago
"But look at those downloads, they magically print money"

hjoutfbkfd, 20 days ago
the issue was not the money, but that it was difficult to get a certificate without having some sort of legal entity

firesteelrain, 20 days ago
Certum.eu has this figured out.
https://support.certum.eu/en/code-signing-required-documents...
https://shop.certum.eu/open-source-code-signing-on-simplysig...
$49 (EU) Gross

Chaosvex, 17 days ago
It was negligence. You don't need a certificate to prevent update tampering.

anonnon, 19 days ago
Delaware LLCs are "cheap," but you're still looking at $300-500 a year in fees.
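
Added example, not part of the thread and not Notepad++'s updater code: the certificate-free check Chaosvex's comments refer to, where the installed client verifies a detached ECDSA signature over each update against a public key shipped inside the client. The curve (P-256), SHA-256, the function names and the sample bytes are assumptions made for the illustration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"fmt"
)

// VerifyUpdate checks a detached ASN.1 ECDSA signature over SHA-256(update)
// against the public key pinned inside the already-installed client.
func VerifyUpdate(pinnedPubDER, update, sig []byte) error {
	key, err := x509.ParsePKIXPublicKey(pinnedPubDER)
	if err != nil {
		return fmt.Errorf("pinned key unusable: %w", err)
	}
	pub, ok := key.(*ecdsa.PublicKey)
	if !ok {
		return fmt.Errorf("pinned key is %T, not ECDSA", key)
	}
	digest := sha256.Sum256(update)
	if !ecdsa.VerifyASN1(pub, digest[:], sig) {
		return fmt.Errorf("signature mismatch: refusing to install update")
	}
	return nil
}

// Demo (constructed data): throwaway key, a signed update, a one-bit-changed copy.
func Demo() (genuine, modified error) {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	update := []byte("constructed installer bytes, v1.0.1")
	digest := sha256.Sum256(update)
	pubDER, errPub := x509.MarshalPKIXPublicKey(&priv.PublicKey)
	sig, errSig := ecdsa.SignASN1(rand.Reader, priv, digest[:])
	if errPub != nil || errSig != nil {
		panic("demo setup failed")
	}
	changed := append([]byte{}, update...)
	changed[len(changed)-1] ^= 0x01
	return VerifyUpdate(pubDER, update, sig), VerifyUpdate(pubDER, changed, sig)
}

func main() {
	fmt.Println(Demo())
}
```

In a real release process the private key stays off the download server, so replacing the served file alone is not enough to get a modified update past the client.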