>>Zuider+(OP)
If a corp like Nvidia cannot manage to store Code signing certs on hardware only, the whole process is broken beyond repair. What’s the value of signed code going forward?
A part of the roadmap to only allowing average users to execute native programs their overlords approve of. We're already sadly most of the way there with the scary dialogs and dark patterns anyone has to navigate to run anything unapproved.
>>jimmas+vi
I don't think their overlords can approve that they never see. That's the issue with bad private cert security. The system is as strong as its weakest link.