it blows me away that this is even a product. it's like a half day of dev time, and they don’t appear to have over-engineered it or even done basic things given the exploit here.
Software developers don't actually write software anymore, they glue together VC-funded security nightmares every 1-3 years, before moving on to the next thing. This goes on and on until society collapses under its own weight.
In my experience, blame for this basically never lies on grunt-level devs; it's EMs and CTOs/CIOs who insist on using third-party products for everything out of some misguided belief that it will save dev time and it's foolish to reinvent the wheel. (Of course, often figuring out how to integrate a third-party wheel, and maintain the integration, is predictably far more work for a worse result than making your own wheel in the first place, but I have often found it difficult to convince managers of this. In fairness, occasionally they're right and I'm wrong!)
With all due respect, a compile pipeline across Win, Mac, Linux, for different CPU architectures, making sure signing works for all, and that the Electron auto-updater works as expected is a nightmare. I have been there, and it’s not fun.
