Code Signing is more akin to EV than domain verified.
They're checking organisational or individual identity, which is a work intensive process (e.g. "email me your driver's license, business license, and tax return so I can manually review them.")
It might be possible for a charity to run a FOSS code signing CA, but it is unclear who's paying for that since it needs actual staff.
They're checking organisational or individual identity, which is a work intensive process (e.g. "email me your driver's license, business license, and tax return so I can manually review them.")
It might be possible for a charity to run a FOSS code signing CA, but it is unclear who's paying for that since it needs actual staff.