This is the explanation for why:
Comment on Notepad++ updater installed malware
floofloof@lemmy.ca 1 month ago
Until version 8.8.7 of Notepad++, the developer used a self-signed certificate, which is available in the GitHub source code.
That doesn’t sound wise.
techt@lemmy.world 1 month ago
asbestos@lemmy.world 1 month ago
So the private key was left in the GitHub source code and nobody caught it? Or was it the public key? (which makes this statement way less impactful)
Samskara@sh.itjust.works 1 month ago
Private key, probably. The public key alone is not enough to sign the package.