Open Source the installer
I'm concerned about the requirement to sign the MSI installer for on-premises installations. While I understand the importance of ensuring the integrity and authenticity of the software, I believe that signing an installer without access to its source code poses significant security risks.
Without the ability to review the source code, we cannot verify that the installer is free from vulnerabilities or malicious components. This lack of transparency undermines the trust and confidence that we place in your software. As a result, we are hesitant to endorse the installer without a thorough understanding of its contents.
We need the installer to be open source. This would allow us to inspect the code ourselves or have it reviewed by trusted third parties, ensuring that the software is secure and reliable.