[Feature Request]: code signing (yes, again)

[mrkazoodle]

The request

Hi,

Please look into code signing again.

There is a Linux foundation project for code signing: https://www.sigstore.dev/

Here's the announcement on Google's security blog a couple of years ago:
https://security.googleblog.com/2021/03/introducing-sigstore-easy-code-signing.html?m=1

There are some big companies backing this project, and they aim to be the let's encrypt for code signing, so it seems to me like a real opportunity to finally add this much requested feature.

Thanks in advance

Is your feature request related to a problem?

No response

Additional information

No response

[github-actions]

This issue is stale because it has been open for 30 days with no activity.

[mrkazoodle]

Hi,

I'm glad the response was not an immediate no, but no response at all is not very positive either... 😐

[Romanitho]

Hi,

We are not against code signing. But it is not our priority :/

[mrkazoodle]

Hi, I understand it doesn't add any functionality, but probably this would help with anti viruses: we use avast (business), and it doesn't like it.
This was also probably the reason that a fork existed for intune
Probably it is better when using applocker, to only run signed code (we're not using that yet, but planning to).

[AndrewDemski-ad-gmail-com]

Hi,
AppLocker does not mind if a script file is signed using approved cert of approved by file hash.
However setting your security levels too high may break PowerShell-based tool such as this one.

Please do not start from limiting the language mode. That will basically castrate your Helpdesk, IT-Ops and scripted solutions you may not know to have in your company.
That will be the worst kind of ice-bucket challenge you can think of.

You've been warned.
Good Luck

[github-actions]

This issue is stale because it has been open for 30 days with no activity.