(This is based on a recent long thread on Hacker News about developers experiencing sluggishness running command line tools in latest versions of macOS.)
When I create a new executable locally (for example, a one-liner shell-script or a C program), the first execution even from Terminal causes a network request by syspolicyd to apple-cloudkit.com.
The posts below appear to suggest that Gatekeeper shouldn't be firing unless I am running a downloaded item marked with the quarantine xattr, and even then only from Finder.
There was discussion if this network hit is expected behavior. How can we disable it for local, non-end user distributed binaries? Is the behavior notarization-specific, or something entirely different like XProtect?
Retrieving data ...