And are code-signing certs really so different? The reporting and regulatory requirements behind them make me think that they are an intentional barrier-to-entry for newcomers, amateurs, and startups, and the business student in me admires their moat-like quality. Code-signing certs lock a lot of people out of certain channels of software distribution