This is the explanation for why:
Comment on Notepad++ updater installed malware
floofloof@lemmy.ca 2 weeks ago
Until version 8.8.7 of Notepad++, the developer used a self-signed certificate, which is available in the GitHub source code.
That doesn’t sound wise.
techt@lemmy.world 2 weeks ago
asbestos@lemmy.world 2 weeks ago
So the private key was left in the GitHub source code and nobody caught it? Or was it the public key? (which makes this statement way less impactful)
Samskara@sh.itjust.works 2 weeks ago
Private key probably. Only the public key is not enough to sign the package.