



So uh...code signing was already hard and expensive enough for open source maintainers and now certs need to be stored and used from a hardware token or HSM too? Hard to see how this doesn't effectively kill open source code signing (or am I totally misreading the changes?).
