Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

> you are effective requiring your users to give you root access

Wait, it's either code sign and you don't get root or don't code sign and get root? How retarded is macOS? Why is there no "no code sign and no root, just run as the user"?



I'm pretty sure on Linux if you wanted to run Quake3 you had to run as root due to needing direct access to the GPU. Is Linux "retarded" too?


Plenty of coding practices from 1999 are completely unacceptable today.


Yes. That is why Apple requires you to get your code signed.


Please don’t use that term in the way you’re using it. It’s offensive and unnecessary.


I'm quoting the guy above me. Go tell him.


Two wrongs don't make a right.


Or: you don’t codesign and users ignore your app in favor of the one that doesn’t require rebooting to recovery mode to disable core platform security features, so that chrome, etc can break your machine.

Longer term I imagine that OS X will simply have an non-overridable sandbox that tightly restricts what any unnotarized app can do. Eg if you aren’t notarized you get access to your own container and no other part of the file system.

Alternatively you could just sign your code properly and update it to hardware that’s existed for 15 years.


Analogy falls apart for Chrome since it's safe to assume Apple either gives scaning priority to Google or has outright whitelisted their account (since Chrome updates so frequently and there's opportunity for Google to throw money at Apple)


Notarization takes minutes and is presumably automated, so why wouldn’t chrome do it?

You’re doing a great disservice to the engineers at google if you think the actual release work is so short that a few minutes for notarization is a problem.


Does chrome releases multiple builds a day? Scanning usually takes less than 1 hour.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: