Release binaries are deliberately not CA code-signed pre-1.0 (no Authenticode on the Windows .exe, no Apple Developer ID / notarization on macOS). Provenance attestation (Sigstore SLSA, since v0.4.0) + SHA256SUMS + signed tags already cover the developer audience; CA signing only suppresses Windows SmartScreen / macOS Gatekeeper desktop prompts.
Revisit post-1.0, if double-click desktop installs become a real distribution path:
- Windows → SignPath Foundation (free for OSS)
- macOS → Apple Developer ID ($99/yr)
(ssl.com was evaluated and rejected — Windows-only, no day-one SmartScreen trust after the 2024 EV change.)
Source: crates/aozora-book/src/contrib/release.md (Code signing §). Tracking issue so the decision resurfaces at the 1.0 milestone.
Release binaries are deliberately not CA code-signed pre-1.0 (no Authenticode on the Windows
.exe, no Apple Developer ID / notarization on macOS). Provenance attestation (Sigstore SLSA, since v0.4.0) + SHA256SUMS + signed tags already cover the developer audience; CA signing only suppresses Windows SmartScreen / macOS Gatekeeper desktop prompts.Revisit post-1.0, if double-click desktop installs become a real distribution path:
(ssl.com was evaluated and rejected — Windows-only, no day-one SmartScreen trust after the 2024 EV change.)
Source:
crates/aozora-book/src/contrib/release.md(Code signing §). Tracking issue so the decision resurfaces at the 1.0 milestone.