Webcord RPM package cannot be installed because headers are not signed. about webcord HOT 2 OPEN

Right now, none of the builds are signed. This is mostly there's no integrated way in the Forge to sign (most) Linux distributables. And I'm not going to buy and keep renewing any certificate for Windows and macOS when I make $0 of monthly income from WebCord as of itself (some people donate me money to support me as a dev, but I consider this money as a way of supporting me, to help me reach a goal of giving more of my time to FOSS development than consider working on proprietary code only just so I don't die poor).

As of macOS I've also heard of a way to get cert that can be used for non-profit purposes (as non-profit org or party I guess), so that could be it, but again I still have no Apple hardware and installing macOS outside of it (hackintosh, emulators etc.) feels like to be in gray zone when it comes to the legality. Consider even Microsoft providing free builds of Windows just made for the developers to test their applications in their OS on a VM. This is just how Apple is unfriendly towards the developers that are the userbase of another OSes, they want from devs to buy their hardware and stuff just to have some dev env for it.

As of Linux, before I sign stuff, I need to learn how to do it first - most packages are signed with GPG for sure, but again there might be some required toolkits to embed the signature within the package. I might also need to do this as a Forge process, since Forge immediately publishes the packages to GitHub after creating them during the release process. So yes, signing there isn't that much straightforward when makers (in your scenario, @electron-forge/maker-rpm) don't integrate it (and they possibly should doing so). So while signing all current Linux packages that are published at GitHub Releases is a long term goal, for sure I won't achieve it soon. It might also be outside of the WebCord's scope to implement it in some scenarios.

I guess you might need to tinker with your distro and disable it as a workaround? I see reasons at enforcing package signing, for sure it's useful especially when installing stuff from repos since you usually don't verify the contents of each of the packages manually there in any way. For now I'll flag this as wontfix, although I plan to take on it some day, maybe not directly within the WebCord, I think I might implement it more within the Forge, either by contributing to their code or making my own plugin and implementing signing for the makers I maintain (e.g. AppImages).

from webcord.

A workaround is installing from terminal with these parameters (at least on openSUSE), until a signed package is provided:

sudo zypper --no-gpg-checks install webcord-4.8.0-1.x86_64.rpm

from webcord.