The discussion on GitHub strongly implies that it's more than effort, and that random people don't just get certificates regardless of effort, because Apple is being cagey and reluctant to issue them even to large and prominent companies. I wonder what the specifics of that are...
Well, compromising a kext would be a significant 0wn and quite difficult to explain away.
I can see how Apple would be cagey and reluctant: although it’s technically feasible to revoke compromised publishers imagine the hysteria “OMG Apple kernel got 0wnd!”, “Apple kernel phones home to spy your extensions!”, “Apple can remotely brick your Mac with key revocation!”
It’s bull of course...
... I guess FUSE is one kernel service Apple should just provide out of the box
