Hi,I develop a tool which has to come as PKG installer to the customers by download. The tool is built automatically. Thus, no manual XCode signing but using a Makefile with productsign:$ productsign --sign "Developer ID Installer: company (P5L99xxxxx)" unsigned.pkg signed.pkgFinally, everything seems fine and this is what the test with spctl returns:$ spctl --assess --verbose --type install mac/signed.pkg mac/signed.pkg: accepted source=Developer IDI also tried to verify using pkgutil:$ pkgutil --check-signature mac/signed.pkg Status: signed by a certificate trusted by Mac OS X Certificate Chain: 1. Developer ID Installer: company (P5L99xxxxx) SHA1... 2. Developer ID Certification Authority SHA1... 3. Apple Root CA SHA1...For me it looks all good but all the customers will get the message"signed.pkg" can't be opened because it is from an unidentified developer.If such customer is calling the above spctl call after he got the warning, his tool also reports "accepted". Upon this, it no longer complains any more.You can try by yourself by downloading the signed app from here: http://www.regify.com/DOWNLOAD/beta/ (please test the regibox .pkg file)I tried several certificates and already learned that the "3rd Party Mac Developer Installer" certificate is wrong and only for tests. Thus, I exported the "Developer ID Installer: company..." certificate from XCode and used this (as seen above). But it does not work :-(What's wrong?Best,Kukulkan

Hi,I recently started to add notarization to our build script. By this, apps are built, signed, packaged and notarized every hour, given that some developer has changed something.Now, the notarization emails annoying me. For every build I get such "Your Mac software was successfully notarized." email. If something fails, my build script will send me an email anyway. I really do not need this notarization emails.Is there a way to turn this off?

Hi. I run a website where people login using OpenID. And sometimes my DOS protection triggers a warning because of too many similar requests from the same IP. It works for 99.99% of the users, but a few users trigger the system. I investigated that further and did a server logfile extract on the calling IP. The log extract Please have a look. The /?p=connect lines are for a normal connect after the OpenID server successfully redirected the user. At first, I expect there to be one. But here it was 4 times. And also, why does the browser do so many request on the root (/)? Is there something wrong in my page that triggers such? And why only for a few users? I would love to get some hints about to reproduce such behavior and about the possible reasons. Hint: There is one 403 code at the bottom, which was after the DOS protction system identified this as an attack.

Hi. I plan to use a WebView in an iOS app (SWIFT) and this should run a web app with WASM and using IndexedDB for permanent credentials. I found rumors and information on Apple deleting data in IndexedDB and localStorage after 7 days (see links below). But I found no official information that tells me if this is true for my WebView in my ordinary mobile App (not PWA). A test cycle over a week to find out is hard to do... Is there any reliable and clear information on this and am I affected? Thank you! . Links about this topic: https://news.ycombinator.com/item?id=28158407 https://www.reddit.com/r/javascript/comments/foqxp9/webkit_will_delete_all_local_storage_including/ https://searchengineland.com/what-safaris-7-day-cap-on-script-writeable-storage-means-for-pwa-developers-332519