[PD-dev] Mac Os now requiring Apple signatures on all SW !?

Jonathan Wilkes jancsika at yahoo.com
Sat May 11 01:08:02 CEST 2013


----- Original Message -----

> From: Miller Puckette <msp at ucsd.edu>
> To: Jonathan Wilkes <jancsika at yahoo.com>
> Cc: katja <katjavetter at gmail.com>; "pd-dev at iem.at" <pd-dev at iem.at>
> Sent: Friday, May 10, 2013 6:28 PM
> Subject: Re: [PD-dev] Mac Os now requiring Apple signatures on all SW !?
> 
> So here's a mad idea I had - what if I put a 'validated' Pd vanilla 
> up for 
> sale for $5 - but also give the identical program away for free the way I do
> now - that way, school sysadmins who really want their machines only to run 
> 'validated' sotware will be out $5 a box and we can put the money toward 
> the 
> next Pd convention.  Maybe that's the canonical way to run a Pd convention 
> in
> the USA - by acting like USA people.

Again, that adds credibility to a system that adds little more than a pain for
users, and it distracts everyone other than bureaucrats.  Most users just want to
download and run your software.

If a school sysadmin wants to misunderstand security and force instructors to
go through the hoops, then the school or, at worst, the instructor should pay you
to jump through the hoops and get a signing key.  The end user shouldn't even be
aware of any of this, other than maybe seeing a link to the _trivial_ workaround
katja mentioned next to the version you currently have available.

-Jonathan

> 
> cheers
> M
> 
> On Fri, May 10, 2013 at 03:12:23PM -0700, Jonathan Wilkes wrote:
>>  ----- Original Message -----
>> 
>>  > From: katja <katjavetter at gmail.com>
>>  > To: Jonathan Wilkes <jancsika at yahoo.com>
>>  > Cc: Miller Puckette <msp at ucsd.edu>; "pd-dev at iem.at" 
> <pd-dev at iem.at>
>>  > Sent: Friday, May 10, 2013 5:20 PM
>>  > Subject: Re: [PD-dev] Mac Os now requiring Apple signatures on all SW 
> !?
>>  > 
>>  > About OSX 10.8 Mountain Lion I've read some time ago that it would 
> run
>>  > / install apps from certified Apple devs only, unless the user
>>  > disables that level of security, and then it would run any app without
>>  > such restriction (which is of course not recommended). At the time I
>>  > read about that, I was considering upgrading from OSX 10.5, but the
>>  > concept of 'Apple certified developer' made me think twice.
>>  > Eventually, it made me turn towards Linux for good. Still I feel that
>>  > Pd, externals and patches should be supported for as many platforms
>>  > possible, as is tradition.
>> 
>>  Pd-extended and Pd-l2ork have plenty of widely-used GPLv3 externals
>>  that come with them so it's a non-starter.  If the security setting you
>>  describe is a binary choice then unfortunately for the Mac user that is
>>  the proper solution here.  But keep in mind this isn't a choice between
>>  security and Pd, this is a choice between security and running any
>>  free software code whose devs refuse to support a non-transparent,
>>  arbitrarily revokable signing mechanism that has a central point of failure
>>  and terrible track record wrt to privacy/security.
>> 
>>  -Jonathan
>> 
>>  > 
>>  > I can understand why Apple wants to raise their standard for trusted
>>  > code.
>>  > In Linux world too, there's screening before one gains write
>>  > access to trusted repositories, which is obviously beneficial for
>>  > quality and security. But in Apple's case, selection rationale and
>>  > criteria will not be open to discussion, or even fully knowledgeable.
>>  > Therefore, being 'Apple certified developer' is more like 
> being a
>>  > loyal employee than an independent software developer. Frankly, I feel
>>  > no appeal at all. Hopefully there's a way around.
>>  > 
>>  > Katja
>>  > 
>>  > 
>>  > 
>>  > 
>>  > On 5/10/13, Jonathan Wilkes <jancsika at yahoo.com> wrote:
>>  >>  ----- Original Message -----
>>  >> 
>>  >>>  From: Miller Puckette <msp at ucsd.edu>
>>  >>>  To: pd-dev at iem.at
>>  >>>  Cc:
>>  >>>  Sent: Friday, May 10, 2013 12:41 PM
>>  >>>  Subject: [PD-dev] Mac Os now requiring Apple signatures on 
> all SW !?
>>  >>> 
>>  >>> T o Pd devs -
>>  >>> 
>>  >>>  I heard from a student that the neweset Mac Os (10.8?  not 
> sure - 
>>  > perhaps
>>  >>>  we
>>  >>>  can just call it 'Cheshire Cat') won't run 
> binaries of any 
>>  > sort that
>>  >>>  haven't
>>  >>>  been signed by Apple - and that to get Apple to sign your app 
> you have 
>>  > to
>>  >>>  register as a developer ($100/year) and still risk getting 
> denounced as
>>  >>>  non-Apple-approved.  If this is really the case it puts all 
> of us in a
>>  >>>  bind -
>>  >>>  for example to publish a piece of music that relies on a 
> custom extern
>>  >>>  you'd
>>  >>>  have to pay out the $100 in perpetuity to keep the extern 
> signed.
>>  >>> 
>>  >>>  Maybe this is overblown but if it's true it puts Pd devs 
> in a bind 
>>  > - I
>>  >>>  think
>>  >>>  we're obliged to try to suppport Pd on Apple (so as not 
> to undercut
>>  >>>  current
>>  >>>  Pd users who are on Mac) but to play along with Apple would 
> be to
>>  >>>  participate
>>  >>>  in what is ultimately a scheme to wrest control away from 
> computer 
>>  > users
>>  >>>  everywhere.
>>  >>> 
>>  >>>  I'd welcom others' views on this, especially if 
> someome can 
>>  > tell me this
>>  >>>  is
>>  >>>  a false alarm :)
>>  >> 
>>  >>  I haven't read a single article or new story on anything 
> resembling 
>>  > this.
>>  >> 
>>  >>  Such a move would make the entire Apple ecosystem incompatible
>>  >>  with ALL GPL v3 software.  I suppose such a move isn't 
> outside of the
>>  >>  realm of possibility, but if Apple did go down that road you can 
> bet it
>>  >>  will effect more than just Pd-extended/Pd-l2ork.  So either a) 
> its FUD,
>>  >>  or b) we would throw our weight behind whatever large-scale
>>  >>  organizing effort manifests itself (probably coming from the FSF) 
> to
>>  >>  defeat such a move.
>>  >> 
>>  >>  Either way it should not affect a single line of Pd code nor the
>>  >>  development
>>  >>  process.
>>  >> 
>>  >>  -Jonathan
>>  >> 
>>  >>> 
>>  >>>  Miller
>>  >>> 
>>  >>>  _______________________________________________
>>  >>>  Pd-dev mailing list
>>  >>>  Pd-dev at iem.at
>>  >>>  http://lists.puredata.info/listinfo/pd-dev
>>  >>> 
>>  >> 
>>  >>  _______________________________________________
>>  >>  Pd-dev mailing list
>>  >>  Pd-dev at iem.at
>>  >>  http://lists.puredata.info/listinfo/pd-dev
>>  >> 
>>  > 
>> 
>>  _______________________________________________
>>  Pd-dev mailing list
>>  Pd-dev at iem.at
>>  http://lists.puredata.info/listinfo/pd-dev
> 



More information about the Pd-dev mailing list