Comment by aksss

I can foresee a modern code-signing regimen with paid gatekeepers coming to mitigate the risk of supply chain attacks. Imagine the purported strength of mythos automating scans of PRs or releases with some manner of indelible and traceable certification. There's some industrious company - a modern verisign of old - that will attempt to drop in a layer of $250-500 per year fees for that service, capture the app stores to require it. Call me a cynical bastard, but "I was there, Gandalf".