Post

Replies

Boosts

Views

Activity

Reply to Notarizing Dmg with an unsigned element
Our product is a developpement tool that can be simply used as a database.Some customers will sign their customized binaries and some will not.If they do not then the problem is that they will still distribute a damaged signed (with our certificate) package because the signature will be damaged due to customization.We do not want to provide, by design, a means to create product with wrong signature.
Dec ’19
Reply to Notarizing Dmg with an unsigned element
Hello,thank you both for your answers and the advices you have provided.To sum up here is how I understand your answers to my questions : 1. So far, we can mount unnotarized DMG (downloaded through internet). Will this continue to work on 2020?As signing DMG is not mandatory (https://developer.apple.com/news/?id=12232019a), this will continue to work but Apple recommend to have the dmg at least signed. 2. I have read it is recommended to notarize at dmg level. Is it because it is easier or are things are going to change preventing us to do it as we does currently ?I am not sure about this one : it is easier to just notarize everything as recommended so we want have issues if Apple changes the behavior in the future. 3. Will every warning in the notarization log will be turned into an error on 2020 and the whole notarization request in the dmg will be rejected, or will the notarization process will create ticket for each top component of a given DMG ?Every warning will be turned into error starting Feb 3rd 2020 and the whole package will be rejected as it use to be in Catalina beta (before september 2019). 4. Do you have any advice of what we should be doing instead ?Yes, make it simple. Even your small customers should subscribe to Apple developper program, get a certificate and notarize the built application. If they do not, then signature will be broken but this is not our problem. Do you agree with all that ?Thank you all for your help. I hope this discussion will help other users too.Kind regards.
Jan ’20