This is the explanation for why:
Comment on Notepad++ updater installed malware
floofloof@lemmy.ca 2 months ago
Until version 8.8.7 of Notepad++, the developer used a self-signed certificate, which is available in the GitHub source code.
That doesn’t sound wise.
techt@lemmy.world 2 months ago
asbestos@lemmy.world 2 months ago
So the private key was left in the GitHub source code and nobody caught it? Or was it the public key? (which makes this statement way less impactful)
Samskara@sh.itjust.works 2 months ago
Private key probably. Only the public key is not enough to sign the package.