Within the eco-system, software is doomed.

Unless your binaries are signed and certified by $APPL, Mac users will have to jump through hoops to get it running on their system.

On top of that, if your software accepts incoming connections from the outside, you’ll have to tell the to authorize connection, every time you run the software. E.v.e.r.y.t.i.m.e. (Unless you disable that firewall)

@judeswae signing isn't super difficult though. And I would say that it helps the overall security of the system.

Reality is that for most folks FOSS options aren't there if they aren't in the OSX store anyway. So it is important for FOSS projects to get there.

@ted I tried signing some software for distribution. And it’s freaking complicated. Not the signing part. The whole thing before that requires an AppleID, an AppleDeveloperID, an Apple device to be able to get an AppleDeveloperID, a credit card to pay whatever AppleDeveloper fee they want every year. I stopped at step 25 if I remember correctly. And signing keys were not even in sight.

@judeswae non-trivial for sure, and unreasonably complex. But not worse than most FOSS build systems. 😉


@ted We’re deviating here. I can run almost any piece of software on a FOSS built system without it complaining about certificates or preventing me from shooting myself in the foot.

You’re talking about signing software only.

It’s not easy. Whatever the system. And with Apple, it’s freaking expensive.

@judeswae that is true, but I would argue that a FOSS Desktop today is less secure because of it. The lack of application confinement and pervasive side-loading makes for an environment where most users can't keep their system secure.

It is basically a 2000's security model playing against a 2020's threat model.
