When a Justice of the Peace notarises a piece of documentation, they are not vouching for authenticity; they are only vouching for certain claims made: the document was presented on a certain date, and/or that this copy is an accurate facsimile of the provided original. Notarisation for macOS similarly only means, “the developer presented us with their application and their certificate of authenticity and we signed it with the certificate that allows macOS to run it without complaining.” There’s no attempt by Apple to claim that the application is safe or does what it says on the tin. Scanning for malware is simply to avoid embarrassing situations like an author/publisher finding they’ve been compromised by some well known malware.

The outcome of notarisation is that the app has been notarised. It’s like claiming that the outcome of toasting a sandwich is approval or rejection; no, the outcome of toasting a sandwich is you have a sandwich that is toasted, aka “toasted sandwich.” You might reject a sandwich which isn’t built properly (eg: has mismatched bread slices, is missing contents or smells of dynamite). But toasting the sandwich provided by the customer doesn’t mean you actually like it.

Notarising is only the act of a trusted third party verifying that the signature on a document is valid. Here's a grossly simplified version of what happens with Apple's notary service:

1. Developer signs program to provide evidence to end-user that program has not been tampered with
2. Developer submits program and signature to Apple's notarising service
3. Apple signs program and developer's signature to tell macOS that this developer signature for this program has been seen by a trusted third party (the notary, in this case Apple) - the notary signature basically states that at this date and time the developer presented Apple with the program and the developer signature and that the developer signature is the correct one for that program
4. End user downloads program which includes signature by developer and signature by Apple
5. macOS compares program signature to developer signature
6. macOS checks that notary signature matches the program and developer signature
7. macOS now trusts that this program is what was published by the developer, and allows it to run

At no point in this sequence has Apple provided any testimony or recommendation about this program. Notarising is only about ensuring that what you are trying to run is what the developer wrote for you.

"Approval" on the other hand implies that Apple might "disapprove" something, which is not something that happens in the notarising service. A notarising request might be rejected if the application contains known malware (because the presence of such is an exceptional circumstance which the developer needs to take urgent action to correct, not because Apple doesn't want to sign malware). It's like a Justice of the Peace recommending that you see a doctor if you turn up to ask for a witness to your signature while bleeding profusely from your ear. The JP is not refusing to witness your signature, they are simply suggesting that you have more urgent matters to attend to right now.

The fundamental problem was with your technical understanding and interpretation of each of the steps. Also, you didn't answer my question as to whether you're a Mac developer.
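The sign, countersign and verify sequence described in the post can be modelled in a few lines. This is an added example, not code from the post or from Apple: it uses Ed25519 from the Go standard library as a stand-in for the real certificates and ticket format, and `Ticket`, `NewKey`, `DevSign`, `Notarise` and `Check` are hypothetical names.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"fmt"
)

// Ticket is a hypothetical notary record: issue time plus the notary's signature.
type Ticket struct {
	Unix int64
	Sig  []byte
}

// NewKey derives a constructed demo key pair from a one-byte seed (not for real keys).
func NewKey(seed byte) (ed25519.PublicKey, ed25519.PrivateKey) {
	priv := ed25519.NewKeyFromSeed(bytes.Repeat([]byte{seed}, ed25519.SeedSize))
	return priv.Public().(ed25519.PublicKey), priv
}

// ticketMsg is what the notary signs: developer signature, timestamp, program bytes.
func ticketMsg(program, devSig []byte, unix int64) []byte {
	return bytes.Join([][]byte{devSig, []byte(fmt.Sprint(unix)), program}, []byte{'|'})
}

// DevSign is the developer's step: sign the program.
func DevSign(dev ed25519.PrivateKey, program []byte) []byte { return ed25519.Sign(dev, program) }

// Notarise countersigns only if the developer signature matches; it never judges behaviour.
func Notarise(notary ed25519.PrivateKey, devPub ed25519.PublicKey, program, devSig []byte, unix int64) (Ticket, error) {
	if !ed25519.Verify(devPub, program, devSig) {
		return Ticket{}, fmt.Errorf("developer signature does not match program")
	}
	return Ticket{Unix: unix, Sig: ed25519.Sign(notary, ticketMsg(program, devSig, unix))}, nil
}

// Check is the end-user side: both signatures must match the downloaded bytes.
func Check(devPub, notaryPub ed25519.PublicKey, program, devSig []byte, t Ticket) bool {
	return ed25519.Verify(devPub, program, devSig) &&
		ed25519.Verify(notaryPub, ticketMsg(program, devSig, t.Unix), t.Sig)
}

func main() {
	devPub, dev := NewKey(1) // constructed demo keys
	notaryPub, notary := NewKey(2)
	app := []byte("constructed program bytes")
	sig := DevSign(dev, app)
	t, err := Notarise(notary, devPub, app, sig, 1700000000)
	fmt.Println(err, Check(devPub, notaryPub, app, sig, t), Check(devPub, notaryPub, []byte("tampered"), sig, t))
}
```

Nothing in `Notarise` or `Check` inspects what the program does; a passing check only says the bytes are the ones the developer signed and the notary saw.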