
That's an excellent question! The auto updater requires your packages to be code-signed, meaning that someone would have to compromise the endpoint _and_ also be able to sign code with your root-trusted certificate.

Oh neat! That makes sense, but I didn't realize it was set up for code signing. Good to know :)
