Code Signing

Question

Code Signing

pearcec opened this issue 3 years ago · 2 comments

pearcec commented 3 years ago

Setup code signing.

Do I need to sign both the .psd1 and .psm1? Assuming yes
Need use a timestamp service perhaps https://www.freetsa.org/? But open to recommendations maybe http://timestamp.digicert.com?
Would like to use Let's Encrypt
All of this is performed via GitHub
Can my keys be throwaway if the signatures is validated via Let's Encrypt and setup with a timestamp server?

Answer 1 · 2021-04-30T12:06:02.000Z

Looks like LE doesn't support code signing (makes sense). I found this https://sigstore.dev/

Answer 2 · 2021-08-08T01:29:28.000Z

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.