Yes, fair, but you could also make an unsigned "trojan", which sideloads our then signed binary, so the user will not see what happens either.
This is not how this works. The sideloading tool would be unsigned, and such behavior also very likely will get caught by the default AV in Windows.
The one who trust us, can download it here, and what others do, is not our "coffee" as we say in germany.
No, the reality is you are spreading an unsigned binary without source code in 2023. There is no one to trust, because the binary is unsigned, so there is no trust chain.
It's like putting up a website without https in 2023.
It just shows your level, or lack thereof, nothing else.
Had your binary been signed, I would not have written anything about the source.
Your assumption that I needed to learn anything from it was very misguided, it was from the start about security.
