Description
Having access to an Extended Validation (EV) or Organization Validation (OV) code signing certificate would alleviate any concerns about running unsigned native binaries, such as the platform-specific code for Secrets for Zowe SDK. Otherwise, a user could encounter a warning regarding an undefined team or publisher when trying to load an unsigned binary. If the binaries were signed, this would establish a sense of trust in the binaries and avoid anti-virus or endpoint detection software flagging them as potentially unwanted or malicious. It also confirms that the binaries are officially distributed by the Zowe organization and prevents the possibility of spoofing these binaries.
Since the Secrets SDK is a part of the Zowe CLI repo, it would probably make sense for the code-signing certificate to be owned by the Zowe org. However, this does raise some concerns about how the certificate would be shared and leveraged to sign native binaries. The proposal is to raise a request for either an EV or OV certificate to enable code-signing for native binaries.