Why I Sign Every .exe With Sigstore - PC Workman v1.7.2 Release, Security-First Open Source

Someone tried to scare me with a security audit. It backfired. A few days ago, a stranger on the internet found PC Workman - my open-source system monitor - downloaded the.exe, and before running it, did what any sane person should do in 2026: they ran a full security audit. Not a quick VirusTotal check. A proper audit. They used Claude to analyze the codebase, the build pipeline, the permissions model, the network behavior, everything. Then they sent me the results. I think they expected me to panic. Instead I replied: "Can I see the full report?" They shared it.