So this is another step for Apple to try to get everyone paying them their software development tax, since "notarization" requires you paying the $100 annual fee.
While you currently can still run digitally signed software that is not notarized, this document admits that in the future signed software will require Apple's approval, so Apple will make everyone's software LESS secure (by forcing developers to not sign the code if they aren't paying Apple) so that it will continue running.
>So this is another step for Apple to try to get everyone paying them their software development tax, since "notarization" requires you paying the $100 annual fee.
I don't think Apple really cares about the fee. I know that the three platforms are now bundled together under one developer program, but suppose that there are 100,000 Mac developers that publish signed or App Store applications (which is probably an overestimation), the fees will make Apple 10 million. This is less than pocket change to them.
To me it seems that the $100 annual fee is to prevent fraud: (1) using a credit card to tie the developer account to an actual person; (2) make it expensive enough to avoid playing whack-a-mole with malicious account creation.
Indeed. Plus don't underestimate the psychological barrier that value can provide.
100$ are a sweet spot: it keeps everyone and their dog from signing up just because ("it's free, I might give it a go"), but at the same time it's not too much for a motivated developer who wants to dabble into programming for the Apple ecosystem of devices.
At a global level, those are called "rich people". I'm sure you can find some individual exception somewhere, but by and large every Mac user will be able to scrape or borrow $100 by the time their software is developed, tested and ready to ship.
...paid? You think only paid software needs certification? Also, yes, they will be the same people anyway, not every worthwhile project gets VC funding. Also, unpaid software is _already_ suffering from the certification situation.
Ok, what entitles anyone to be able to publish their software in the repository of a for profit company? Why should it be open for free to everyone?
You don't want to pay that fee? Cool, there's Android and many other open platforms to program for.
I will never understand the sense of entitlement people have against Apple. You are free not to buy Apple products and services if you think they are overpriced.
Plus, no, it's not subjective. It's objectively low compared to many other access or licence fees a developer might pay in heesh professional life.
I'm not sure where you get a sense of entitlement from my comment. But my point about the fee is that even if it is low compared to other fees, that doesn't mean all developers who want to publish in the Apple ecosystem can afford to do so.
The context of the discussion is that this will change in the future. I have predicted that from the day Gatekeeper was invented. I still hope I'm wrong and it will always remain possible to run unsigned apps on MacOS.
If this changes some day, I already know what I tell the users of my program, though: I, the developer, have not made any changes to the application and the reason why it no longer runs is solely Apple's responsibility. Please contact Apple's Customer Support and/or sue the company in case you cannot access your data any longer.
Further support requests will then be forwarded to Apple.
>I have predicted that from the day Gatekeeper was invented.
And I have predicted people like you are wrong because there is no hardware backing for it yet, unless by "the future" you mean literally a good decade or more down the line, which for tech is getting into really hazy land. But equating the Mac to iOS devices right now just plain makes no sense because the Mac doesn't have that whole hardware chain. iOS isn't magic; while I think Apple's level of lockdown should be illegal on a cultural level, on a technical level what enables it is the hardware. On the Mac maybe the newest ones with Apple's T-series chips represent first steps in that direction, and of course if Apple does in fact someday decide to switch the Mac from x86 to their own ARM-based processors they'd have far more power there. But even that doesn't solve the legacy issue, and at this point Apple has built a great deal of culture and brand around supporting hardware for a long time. They still support Mojave officially on 2010 Mac Pros [1] for example, and right now they're still selling new Macs without even T-chips. Sure, it's not impossible that they could release an ARM Mac system in 2020 and then immediately put all "legacy Macs" on life support [2], but that'd be a big, pretty surprising choice, wouldn't it? It'd engender a lot of justified fury.
>If this changes some day, I already know what I tell the users of my program, though
I hope you realize how pointless this is likely to be? It'd be better to work on a political answer around it and inform your users accordingly.
----
1: A few unfortunate caveats around features hampered by the MP's very old EFI aside, which is a complex discussion on its own.
2: Though I'd expect lawsuits over a decision like that at least in the EU.
It's not pointless at all, I wasn't talking about sending a political message but about harsh reality. If MacOS closes down, I will simply be unable to support Mac users of my apps and have no transition path for them. I have good export options in my application, and that's about all I can do.
As for the rest of your post, I don't get it. To close their ecosystem Apple only has to take away the option to make Gatekeeper exceptions for unsigned apps and the option to switch off Gatekeeper. I wasn't talking about anti-jailbreaking protections, it suffices that you'd have to hack the OS and violate the EULA in order to run unsigned apps.
Whether that happens or not I don't know. So far, the path has been down that road. (Just look at the gradual changes in Gatekeeper, introduction of sandboxing, unification of iOS and MacOS, etc.)
Isn't all this achieved with a generic code signing certificate? What additional benefit does Apple's "notarization" offer, other than further fragmenting the market?
The page has a list. In short, you get a better experience with regards to Gatekeeper, and you will need to notarize your apps if you want them to continue to work on later versions of macOS.
It's actually a big change. One issue is that Apple may not approve you (for whatever reason) or keep you on the waitlist for weeks (happened to me). Not to mention that there won't be any competition. Next would be to make Safari and any browser running on OS X accept only Apple TLS certificates. That would be "awesome"! Finally Apple "secures" the internet.
You don't need to be a time traveller to see that Apple will be the only one accepted as issuer. I really don't understand how people can feel comfortable with that. The next step is making the browsers trust only Apple's TLS. At some point Apple will have to "obey the law" and ban any application that either violates certain country laws or its own TOS.
Interestingly enough I only see such complaints from devs that are using OS X as pretty Linux, and seldom from those that are actually selling OS X apps.
First of all, $100 per year merely covers the costs for this service.
Apple will never force apps to always be notarized, although they might enable admins to enable such a feature for security purposes which I think is great.
I think this is about what is required. To get the benefit of being signed (i.e. opening without user interaction to get past Gatekeeper) will in the future require being notarised.
So you will still be able to ship an unsigned app, but you won't be able to ship a signed, un-notarised one.
>While you currently can still run digitally signed software that is not notarized, this document admits that in the future signed software will require Apple's approval, so Apple will make everyone's software LESS secure (by forcing developers to not sign the code if they aren't paying Apple) so that it will continue running.
Sigh.