zlacker

1. mlyle+(OP) 2022-01-09 07:23:52
> Unsigned binaries were recently deprecated entirely on M1 Macs.

Except bins signed by self-signed certs are still treated basically the same as unsigned binaries were before.

replies(2): >>my123+q9 >>heavys+4U1
2. my123+q9 2022-01-09 09:07:08
>>mlyle+(OP)
You don't even need a true signature. An ad-hoc one (which can be linker-generated and has no cryptographic key attached) is considered valid.
replies(1): >>darkwa+Xc
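
An added illustration of the ad-hoc case mentioned in the comment above (not part of the thread, and not code from any poster): a defender-side classifier that reads the embedded signature SuperBlob, i.e. the bytes `LC_CODE_SIGNATURE` points at, and reports whether it is ad-hoc, linker-signed ad-hoc, or carries a CMS signature. The constants follow xnu's `cs_blobs.h`; the function names and sample blobs are constructed for the example, and it does not verify hashes or certificate chains.

```python
import struct

# Magic numbers and flag bits as defined in xnu's cs_blobs.h
EMBEDDED_SIGNATURE = 0xFADE0CC0   # SuperBlob wrapping every signature component
CODEDIRECTORY = 0xFADE0C02        # hashes of the code pages plus signing flags
BLOBWRAPPER = 0xFADE0B01          # wrapper around the CMS (certificate-backed) signature
CS_ADHOC = 0x00000002
CS_LINKER_SIGNED = 0x00020000

def classify_signature(sb: bytes) -> str:
    """Return 'linker-signed ad-hoc', 'ad-hoc', 'cms-signed', 'inconsistent' or 'malformed'."""
    if len(sb) < 12:
        return "malformed"
    magic, length, count = struct.unpack_from(">III", sb, 0)
    if magic != EMBEDDED_SIGNATURE or length > len(sb) or 12 + 8 * count > length:
        return "malformed"
    flags, has_cms = None, False
    for i in range(count):
        _slot, offset = struct.unpack_from(">II", sb, 12 + 8 * i)
        if offset + 8 > length:
            return "malformed"
        b_magic, b_len = struct.unpack_from(">II", sb, offset)
        if b_len < 8 or offset + b_len > length:
            return "malformed"
        if b_magic == CODEDIRECTORY and flags is None:
            if b_len < 16:
                return "malformed"
            flags = struct.unpack_from(">I", sb, offset + 12)[0]  # after magic, length, version
        elif b_magic == BLOBWRAPPER and b_len > 8:
            has_cms = True  # an empty wrapper (length 8) carries no signature
    if flags is None:
        return "malformed"
    adhoc = bool(flags & CS_ADHOC)
    if adhoc and not has_cms:
        return "linker-signed ad-hoc" if flags & CS_LINKER_SIGNED else "ad-hoc"
    return "cms-signed" if has_cms and not adhoc else "inconsistent"

def build_sample(flags: int, cms: bytes = None) -> bytes:
    """Constructed input: a minimal SuperBlob with a 16-byte CodeDirectory stub."""
    blobs = [(0, struct.pack(">IIII", CODEDIRECTORY, 16, 0x20400, flags))]
    if cms is not None:
        blobs.append((0x10000, struct.pack(">II", BLOBWRAPPER, 8 + len(cms)) + cms))
    offset, index, body = 12 + 8 * len(blobs), b"", b""
    for slot, data in blobs:
        index += struct.pack(">II", slot, offset)
        body += data
        offset += len(data)
    return struct.pack(">III", EMBEDDED_SIGNATURE, offset, len(blobs)) + index + body
```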
3. darkwa+Xc 2022-01-09 09:47:38
>>my123+q9
And in the next N releases of macOS those features will be quietly removed since 99% of users are running properly notarized binaries anyway...
replies(2): >>myname+5w >>user-t+Pk1
4. myname+5w 2022-01-09 13:36:59
>>darkwa+Xc
That’s certainly an option. But absolutely nothing points to it being the actual thing that will happen other than wild baseless speculation.
5. user-t+Pk1 2022-01-09 18:54:38
>>darkwa+Xc
Why would that happen in the next N releases, when it hasn't happened in the previous M releases? What's changed?
replies(1): >>mlyle+Qp1
6. mlyle+Qp1 2022-01-09 19:27:57
>>user-t+Pk1
I think there's some perception by people like this that there's some massive goal towards restricting users, and each change in the security policy is an incremental step.

But it doesn't really make sense:

- All the technical work to restrict users could certainly be done in one release: it's not that hard.

- As to market acceptance, I don't think any of the changes re: binary signing are "getting users used to" being restricted.

So, requiring signed binaries doesn't appreciably make the technical or market challenges of restricting unapproved apps easier.

7. heavys+4U1 2022-01-09 23:10:06
>>mlyle+(OP)
From my post:

> Even self-signing the apps has macOS treating them as if they're radioactive.

replies(1): >>mlyle+q22
8. mlyle+q22 2022-01-10 00:09:17
>>heavys+4U1
It's reasonable to know the app isn't self-signed and have to do the right-click "Open" for the first launch.

I appreciate that I can both benefit from PKI attestation of apps (for a small degree of protection against malware), and I can override it and run unsigned stuff.
