
I'm talking about the setting to disable requiring notarization for quarantined apps, which doesn't exist yet so I'm simply guessing it will show up there initially.



Without notarization, the signature of the app is tied to the lifetime of the developer id certificates. That's one of the benefits of notarization (which Microsoft also I believe requires now) - the notary can say 'it was signed while the developer id certificate was still valid', which allows the signature to outlast the certificate.

I would expect Developer ID certificates to all expire by the changeover, with the only point of continuing to ship Developer ID certificates being so that new app builds can work on pre-Mojave OS releases. Or I suppose skipping any Apple-run scans of your software.


Without notarization, you can still `codesign --timestamp` to have Apple co-sign your app, which validates that your certificate was valid when you signed the app, even if your certificate later expires.

Notarization is an advanced version of this where Apple adds to the signature "we have scanned the app for vulnerabilities and will continue to do so".


> That's one of the benefits of notarization (which Microsoft also I believe requires now)

How does code signing work in Windows (for normal win32 programs)? I know I don't have any problems running 15 year old programs, which I have to assume predate any type of code signing.


I expect they won't be separate.



