It’s the same kind of extortion racket that these powermods (they do it for free, lol) like to engage in in Reddit and Lemmy too: Play ball, or get banned/defederates for engaging with no-no communities.

And the worst part about it is they genuinely think they do it for a greater good instead of their petty power fantasies and power struggles (“we own this corner of the internet.”)

Ich bin kein Trekking Experte, aber da muss doch schon viel mehr schief gehen als Schlappen und falsche Route, wenn man auf einer Sommerwanderung stirbt?!

Until version 8.8.7 of Notepad++, the developer used a self-signed certificate, which is available in the Github source code. This made it possible to create manipulated updates and push them onto victims, as binaries signed this way cause a warning „Unknown Publisher“. Since v8.8.7, however, Notepad++ relies on a legitimate GlobalSign certificate, and installing its own Notepad++ root certificate is no longer necessary – if such a warning pops up, users should be alarmed.

I don’t understand how this is relevant. Unless the attacker has either

(a) somehow acquired the private key of the cert

(b) replaced the cert delivered through the installer

A self signed cert isn’t any worse. Both of these attack vectors still work with a public root CA. Or maybe notepad++ just forgot to validate the self signed cert against the one they delivered through their sources, just accepting any non-expired cert? That’s just a bug.

occums razor

Get your mind out of the gutter.