Is there a way to request that the build pipeline for prebuilt DLLs
and tools for Windows be modified to include Authenticode signatures?
There is no means provided to verify the integrity of these
executables, which means that anyone can download from the official
URLs but have their connections intercepted to provide virus-laden or
otherwise adulterated versions.  (And, let me tell you, manually
verifying GPG signatures gets old after the first seven or more times
one must do so.)

Serving via https would eliminate the MITM-interception attack, but
unsigned binaries still provide a vector for local persistence of
infection because they prevent the implementation of Windows Software
Restriction Policies that prevent all unsigned code from running.

Thanks for your time!

-Kyle H
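For the kind of check the message wants to be possible, an added PowerShell example (not part of the original message or of any project's build tooling) that walks a download directory, reports the Authenticode status of every DLL and EXE, and refuses to proceed unless each file carries a valid signature from an expected publisher; the directory path and the `$ExpectedSigner` value are assumed placeholders.

```powershell
# Added example: verify Authenticode signatures on downloaded Windows binaries
# before installing or deploying them. Paths and signer name are placeholders.
param(
    [string]$DownloadDir    = 'C:\downloads\prebuilt',      # assumed location
    [string]$ExpectedSigner = 'CN=Example Publisher'        # assumed subject prefix
)

# Collect the binaries that would otherwise run unverified.
$binaries = Get-ChildItem -Path $DownloadDir -Recurse -File -Include '*.dll', '*.exe'

$results = foreach ($file in $binaries) {
    $sig = Get-AuthenticodeSignature -FilePath $file.FullName
    $subject = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '(none)' }
    [pscustomobject]@{
        File       = $file.FullName
        Status     = $sig.Status          # Valid, NotSigned, HashMismatch, NotTrusted, ...
        Signer     = $subject
        Thumbprint = if ($sig.SignerCertificate) { $sig.SignerCertificate.Thumbprint } else { '' }
        # A chain that validates to a trusted root is necessary but not sufficient:
        # the signer must also be the publisher we expect, not merely any signer.
        SignerOk   = ($sig.Status -eq 'Valid') -and $subject.StartsWith($ExpectedSigner)
    }
}

$results | Format-Table -AutoSize

# NotSigned is the unsigned case the message describes; HashMismatch means the
# bytes changed after signing, which is what an intercepted download looks like.
$bad = @($results | Where-Object { -not $_.SignerOk })
if ($bad.Count -gt 0) {
    Write-Error "Refusing to install: $($bad.Count) file(s) failed signature verification."
    exit 1
}
Write-Host "All $($results.Count) file(s) carry a valid signature from $ExpectedSigner."
```

The same `Get-AuthenticodeSignature` status values are what a Software Restriction Policy or AppLocker publisher rule relies on, so binaries that fail here would also be blocked by such a policy.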
