[PD-dev] Mac Os now requiring Apple signatures on all SW !?

Jonathan Wilkes jancsika at yahoo.com
Sat May 11 00:50:02 CEST 2013 

----- Original Message -----

> From: katja <katjavetter at gmail.com>
> To: Jonathan Wilkes <jancsika at yahoo.com>
> Cc: Miller Puckette <msp at ucsd.edu>; "pd-dev at iem.at" <pd-dev at iem.at>
> Sent: Friday, May 10, 2013 5:43 PM
> Subject: Re: [PD-dev] Mac Os now requiring Apple signatures on all SW !?
> 
> Correction, current terminology is 'identified developer' (not
> 'certified'). Here's Apple's how to handle apps from 
> unidentified devs
> on OSX 10.8:
> 
> http://support.apple.com/kb/PH11436

Then the steps to override are outlined on that page.  Since it stores the
override as an exception it's minimal bother for the user.

I'm not exactly sure what I think of the Apple Developer Program.  It
provides a very minimal benefit of communicating to the user that the
binary they are attempting to run was signed by someone who has
jumped through some hoops, is probably the person they say they
are, and probably hasn't put any overtly harmful code inside the software.
But that's a long way from anything approaching meaningful security like
showing the source to anyone in the world that wants to look.  Just compare
the number of viruses and spyware coming from the app store to the
number of viruses and spyware that have ever come from Debian repositories.
While that's not an issue for Pd which has its source publicly available, just
having the signature adds credibility to the system.

If someone from the Pd community is willing to pay money to use a system
that has a broken security model, I'd at least like to see it go first toward
downloading Pd over SSL since at least we know how exactly that system
is broken and the security it does add would benefit all distributions,
not just Mac OS.

-Jonathan

> 
> 
> Katja
> 
> 
> 
> On 5/10/13, katja <katjavetter at gmail.com> wrote:
>>  About OSX 10.8 Mountain Lion I've read some time ago that it would run
>>  / install apps from certified Apple devs only, unless the user
>>  disables that level of security, and then it would run any app without
>>  such restriction (which is of course not recommended). At the time I
>>  read about that, I was considering upgrading from OSX 10.5, but the
>>  concept of 'Apple certified developer' made me think twice.
>>  Eventually, it made me turn towards Linux for good. Still I feel that
>>  Pd, externals and patches should be supported for as many platforms
>>  possible, as is tradition.
>> 
>>  I can understand why Apple wants to raise their standard for trusted
>>  code. In Linux world too, there's screening before one gains write
>>  access to trusted repositories, which is obviously beneficial for
>>  quality and security. But in Apple's case, selection rationale and
>>  criteria will not be open to discussion, or even fully knowledgeable.
>>  Therefore, being 'Apple certified developer' is more like being a
>>  loyal employee than an independent software developer. Frankly, I feel
>>  no appeal at all. Hopefully there's a way around.
>> 
>>  Katja
>> 
>> 
>> 
>> 
>>  On 5/10/13, Jonathan Wilkes <jancsika at yahoo.com> wrote:
>>>  ----- Original Message -----
>>> 
>>>>  From: Miller Puckette <msp at ucsd.edu>
>>>>  To: pd-dev at iem.at
>>>>  Cc:
>>>>  Sent: Friday, May 10, 2013 12:41 PM
>>>>  Subject: [PD-dev] Mac Os now requiring Apple signatures on all SW 
> !?
>>>> 
>>>> T o Pd devs -
>>>> 
>>>>  I heard from a student that the neweset Mac Os (10.8?  not sure -
>>>>  perhaps
>>>>  we
>>>>  can just call it 'Cheshire Cat') won't run binaries of 
> any sort that
>>>>  haven't
>>>>  been signed by Apple - and that to get Apple to sign your app you 
> have
>>>>  to
>>>>  register as a developer ($100/year) and still risk getting 
> denounced as
>>>>  non-Apple-approved.  If this is really the case it puts all of us 
> in a
>>>>  bind -
>>>>  for example to publish a piece of music that relies on a custom 
> extern
>>>>  you'd
>>>>  have to pay out the $100 in perpetuity to keep the extern signed.
>>>> 
>>>>  Maybe this is overblown but if it's true it puts Pd devs in a 
> bind - I
>>>>  think
>>>>  we're obliged to try to suppport Pd on Apple (so as not to 
> undercut
>>>>  current
>>>>  Pd users who are on Mac) but to play along with Apple would be to
>>>>  participate
>>>>  in what is ultimately a scheme to wrest control away from computer 
> users
>>>>  everywhere.
>>>> 
>>>>  I'd welcom others' views on this, especially if someome can 
> tell me this
>>>>  is
>>>>  a false alarm :)
>>> 
>>>  I haven't read a single article or new story on anything resembling 
> this.
>>> 
>>>  Such a move would make the entire Apple ecosystem incompatible
>>>  with ALL GPL v3 software.  I suppose such a move isn't outside of 
> the
>>>  realm of possibility, but if Apple did go down that road you can bet it
>>>  will effect more than just Pd-extended/Pd-l2ork.  So either a) its FUD,
>>>  or b) we would throw our weight behind whatever large-scale
>>>  organizing effort manifests itself (probably coming from the FSF) to
>>>  defeat such a move.
>>> 
>>>  Either way it should not affect a single line of Pd code nor the
>>>  development
>>>  process.
>>> 
>>>  -Jonathan
>>> 
>>>> 
>>>>  Miller
>>>> 
>>>>  _______________________________________________
>>>>  Pd-dev mailing list
>>>>  Pd-dev at iem.at
>>>>  http://lists.puredata.info/listinfo/pd-dev
>>>> 
>>> 
>>>  _______________________________________________
>>>  Pd-dev mailing list
>>>  Pd-dev at iem.at
>>>  http://lists.puredata.info/listinfo/pd-dev
>>> 
>> 
>

More information about the Pd-dev mailing list