The Bitwarden security model follows a zero-knowledge architecture, which is great for security because a user does not have to trust the infrastructure. Following this idea, it makes sense to sign the release binaries with a trusted developer key.
Why isn’t this already part of Bitwarden’s security best practices?
I’m never certain without the AppImage tool, but I can’t see a signature on the AppImage, so the Linux desktop app does not appear signed in any of its 3 packages.
I think the Windows & Mac desktop apps and the browser addons all are signed.
What exactly do you mean? I am a Linux user and the only thing I would like to see is a binary signature, like even my damn Android music player developer team does. Dear Bitwarden developers, what is wrong with you?