Dennis Zimmer
1 min read · Apr 1, 2019


Thanks for your reply! GnuPG is a good way for people that know how to handle that complexity. Unfortunately I need to disagree, as GnuPG and so many other tools out there provide no ease of use at all. How many people do you know that verify downloads using GPG? Furthermore, there is no decentralized platform involved that provides an immutable ledger that keeps track of signed assets including identity.

So the comparison is a bit like comparing apples with oranges.

We don’t count EV certificates at all as they cost much more than any of our services. To make a fair comparison, we don’t calculate savings on having one code signing certificate (no EV), as many developers want a certificate to serve the current application need (Windows download, AppStore). But using CodeNotary, you can stick to that one certificate. But, if you want to revoke a single version, you need to revoke the certificate, eventually revoking all your signed assets. CodeNotary doesn’t cost more no matter what you’re signing. No need to buy any other certificate to provide granularity for signing hundreds of versions and applications are .
