Please provide a signed version of install.ps1

[dpaoliello]

The PowerShell install script (install/install.ps1) is currently unsigned, requiring anyone running it to bypass PowerShell's execution policy, potentially allowing a vector for a supply-chain attack (especially since it isn't obvious or easy to get a hash of the install scripts so that clients can verify them).

Can you please provide a signed version of the script - either checked-in or as part of the release artifacts.

[reillysiemens]

Thanks for bringing this to our attention, @dpaoliello. We're looking into the best way to handle a signed installation process. We're not yet sure if this will result in signing the install/install.ps1 script itself or preferring another mechanism altogether, but it's an active discussion.