Comment by my123
4 years ago
You don't even need a true signature. An ad-hoc one (which can be linker-generated) and has no cryptographic key attached is considered as valid.
4 years ago
You don't even need a true signature. An ad-hoc one (which can be linker-generated) and has no cryptographic key attached is considered as valid.
And in the next N releases of macOS those features will be quietly removed since 99% users are running properly notarized binaries anyway...
That’s certainly an option. But absolutely nothing points to it being the actual thing that will happen other than wild baseless speculation.
Why would that happen in the next N releases, when it hasn't happened in the previous M releases? What's changed?
I think there's some perception by people like this that --- there's some massive goal towards restricting users, and each change in the security policy is an incremental step.
But it doesn't really make sense:
- All the technical work to restrict users could certainly be done in one release: it's not that hard.
- As to market acceptance, I don't think any of the changes re: binary signing are "getting users used to" being restricted.
So, requiring signed binaries doesn't appreciably make the technical or market challenges of restricting unapproved apps easier.