Implications of Mandatory Notarization

Hi,


Apple recently sent me an email declaring that notarizing applications for distribution outside of the App Store will be mandatory in the future.


I don't want to start a flame war but I do have a problem with such a rigid policy as both a developer and an end-user. My problem isn't so much the idea of notarization itself. It's the fact that the end user won't have the freedom to enable or disable it.


When Gatekeeper was first introduced, you were given 3 choices: Run only App Store software, Run only signed software and Run any software. 10.13 restricted to just App Store software and signed software. Now, Apple will be restricting customer choice even further by not allowing any un-notarized software to run. Doesn't anybody see a problem with this?


If one can see the future from looking into the past, App Store will be the only choice left in some future version of macOS. Unfortunately, if that happens, I won't have any choice but to abandon my Mac computers.


Here are my main concerns:


1. I use some legacy software that will not be notarized in the future.

2. I use a LOT of open-source software that may not pass the notarization process.

3. What happens when the software I develop *isn't* malware but does not pass the notarization process?


4. What if any of the other software packages that I use aren't malware, but Apple deems them so? Mistakes happen - Anybody who distributes Windows software can attest to the frustration felt when your customer's antivirus throws a false-positive with your program.


What recourse do I have in any of these situations? Because if non-notarized software won't run and I can't turn this "feature" off, what does one do?


I hope that my concerns are not construed as argumentative. I'm just worried about Apple's policies potentially destroying what has, so far, been a great experience for me.


Thanks

Replies

Apple hasn't said when this new policy will be implemented. Perhaps we'll all be long gone for other reasons before that happens.


Apple isn't necessarily restricting choices further. And Apple hasn't said how future Gatekeeper user controls will be implemented. What they are doing is deprecating Developer ID. A Developer ID without a valid notarization ticket will be considered unsigned - kind of. It sounds like just revoking a certificate wasn't good enough. They added notarization for a real-time check.


It seems obvious that an iOS-style experience is the end game.


However, I don't think your concerns are necessarily valid concerns. As far as I can tell, you will still be able to run unsigned software as today. You just have to authorize it at install time. That will cover 1, 2, and 3. Now if you distribute software for "the masses" then you should probably use Developer ID and you should do whatever becomes necessary to keep your ticket valid. But for any other use, it should be the same as it is now. People who currently distribute unsigned files, like homebrew, should be unaffected. If it is working for those folks as it is, it shouldn't change.


4) is more interesting. Here, I think Apple is doing developers a big favour. Currently, the "gold standard" for putting a malware label on your software is Virus Total. Anyone who pays their way in can call themselves an antivirus app and start calling you a malware developer. When I first added adware checking to my app circa 2014, I left the string "Genieo" in my executable. That was enough for a number of household name AV apps to call my app adware. I fixed it in literally about two hours, but now I have this "adware" reference in Virus Total. I even have a couple of self-deputized Inspector Javerts following me around on the internet saying I write malware. Virus Total refuses to remove that reference and refuses to remove blatantly libellous comments on their site. And to add insult to injury, they seem pretty clueless about how the Mac works. I would much prefer to have Apple be the gold standard for such things than Virus Total.


However, you should make sure to read the update to the Apple Developer Terms and Conditions. It looks like we are pretty restricted on what we, as developers, can say about Apple's notarization process. Essentially, we can and should use it, but we can't say that Apple has declared it safe or malware-free or anything. But that's OK. End users don't know the difference. They think Apple is doing all kinds of security and safety checks for Mac App Store apps. Notarize your app and let people believe what they will inevitably believe. It isn't our job to explain how easy it would be to get malware past Apple.

We encourage developers to upload all the macOS software they distribute, including versions previously released. This helps users of older versions of your software and helps us improve as well.


Today, end users can override Gatekeeper in order to run whatever macOS software they want. Notarization does not prevent this.

Just saw this.

https://developer.apple.com/news/?id=04102019a


It is coming more quickly than maybe some people thought.

Please review the dates on this thread and the date on that page from Apple Developer News.

As per my understanding, the notarization process will shortly be mandatory to run macOS software. This query is regarding the macOS software which is presently running on MacOSX 10.12.

Queries:

1) Is notarization mandatory to run the applications on MacOSX 10.12 version?

2) There is another query regarding the EOL of macOS versions. Does Apple provide any official statement on EOL of their specific versions? Wikipedia mentions 29 November 2019 as EOL for MacOSX 10.12, but I am not able to figure out any official statement from Apple on it.

1) No, it's not. Only 10.14 and later (anyway, you can still run unsigned and unnotarized apps too, either by right click -> open in Finder or by allowing it in the Security prefs panel).

2) Apple doesn't provide an official public statement on EOL. But yes, 10.12 is EOL, the latest security updates are not released for 10.12.