Comment by mlyle
4 years ago
> Unsigned binaries were recently deprecated entirely on M1 Macs.
Except bins signed by self-signed certs are still treated basically the same as unsigned binaries were before.
4 years ago
> Unsigned binaries were recently deprecated entirely on M1 Macs.
Except bins signed by self-signed certs are still treated basically the same as unsigned binaries were before.
You don't even need a true signature. An ad-hoc one (which can be linker-generated) and has no cryptographic key attached is considered as valid.
And in the next N releases of macOS those features will be quietly removed since 99% users are running properly notarized binaries anyway...
That’s certainly an option. But absolutely nothing points to it being the actual thing that will happen other than wild baseless speculation.
Why would that happen in the next N releases, when it hasn't happened in the previous M releases? What's changed?
1 reply →
From my post:
> Even self-signing the apps has macOS treating them as if they're radioactive.
It's reasonable to know the app isn't self-signed and having to do the right-click "Open" for the first launch.
I appreciate that I can both benefit from PKI attestation of apps (for a small degree of protection against malware), and I can override it and run unsigned stuff.