Hacker News new | past | comments | ask | show | jobs | submit login

There is no certificate involved in ad-hoc code signing. It's just a hash with no identity or chain of trust involved.

Yes but "ad-hoc" code signing is almost useless on its own on macOS, it almost always goes with notarization, which does require a revokable certificate with a chain of trust attached to a Developer ID for the initial code sign.

> You can only notarize apps that you sign with a Developer ID certificate. If you use any other certificate — like a Mac App Distribution certificate, or a self-signed certificate — notarization fails with the following message: "The binary is not signed with a valid Developer ID certificate."



Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact