undefined | Better HN

0 pointsjeroenhd4y ago0 comments

As a non-Mac developer, what does it mean to notarize a piece of software? Is that something you need to do in order to be able to run a piece of software these days?

0 comments

my1234y ago

It's used as part of Gatekeeper for software downloaded from the internet.

See https://developer.apple.com/documentation/security/notarizin... for the notarisation process and https://support.apple.com/en-us/HT202491 for the customer-facing documentation, which includes how to work around it when needed.

Gatekeeper can be totally disabled via sudo spctl --master-disable.

jeroenhdOP4y ago

I see. That's a pretty developer-hostile measure. Luckily, I don't intend to ever ship any software to Macs, so it's not a problem to me. If I did want to ship a Mac version of any tool I'd write, I'd pretty hesitant to jump through Apple's hoops, so I can understand why developers don't want to notarize their stuff.

my1234y ago

For Windows, distribution without signing isn't exactly painless either, and the signing certificates for that are quite expensive.

And there, it's not even deterministic, see https://www.digicert.com/dc/blog/ms-smartscreen-application-...

The goal of the system is to authenticate which developer made a given piece of software, to be able to track the spread of malware. An option is always given for a user to opt-out.

heavyset_go4y ago

> Gatekeeper can be totally disabled via sudo spctl --master-disable.

If you had to do this on Linux to run software that wasn't notarized by Red Hat, HN posters would write about how unfriendly and developer hostile Linux is.

j / k navigate · click thread line to collapse

0 comments

my1234y ago

It's used as part of Gatekeeper for software downloaded from the internet.

Gatekeeper can be totally disabled via sudo spctl --master-disable.

jeroenhdOP4y ago

my1234y ago

For Windows, distribution without signing isn't exactly painless either, and the signing certificates for that are quite expensive.

And there, it's not even deterministic, see https://www.digicert.com/dc/blog/ms-smartscreen-application-...

The goal of the system is to authenticate which developer made a given piece of software, to be able to track the spread of malware. An option is always given for a user to opt-out.

heavyset_go4y ago

> Gatekeeper can be totally disabled via sudo spctl --master-disable.

If you had to do this on Linux to run software that wasn't notarized by Red Hat, HN posters would write about how unfriendly and developer hostile Linux is.

j / k navigate · click thread line to collapse