VideoLAN @videolan App Stores were a mistake. Currently, we cannot update VLC on Windows Store, and we cannot update VLC on Android Play Store, without reducing security or dropping a lot of users… For now, iOS App Store still allows us to ship for iOS9, but until when?

    • dev_null
      link
      fedilink
      arrow-up
      3
      ·
      9 months ago

      The certs are sold by certificate authority companies, and Microsoft doesn’t get a share of that, though I’m not sure.

      Yeah, software being signed says nothing about it not being malicious or insecure, but it does prove the author is what it says, and if it is malicious then the responsible party is clearly visible.

      For non-commercial hobby/open-source software the certificate price is prohibitive, so the only 2 options are Microsoft Store or accepting that users will see the scary warnings, and of course complain to the developer about it.

    • WetBeardHairs
      link
      fedilink
      arrow-up
      1
      ·
      edit-2
      9 months ago

      The assumption is that legitimate companies who sell software will sign it and that signature proves it came from that company who you trust because of their publicly known legitimacy. It’s a bit of circular reasoning. But it does round back towards that legitimacy - if it is found that they violate your trust, they lose public trust and thus lose sales.

      Luckily new OSes (cough NOT WINDOWS) are able to sandbox applications and prevent them from accessing resources without declaring the need to access it.

      And as for the signing certificate, I think the MS Store will allow any signed app. They just offer the cheaper signing service.