Try to open the file, say ok to the ‘can’t check for malware’ prompt, go to settings, security, approve running the software.

Annoying, but if you’re delivering your app to semi-technical users, not really a problem.

Notarize the application and staple the receipt to your app bundle. It won’t trigger the Gatekeeper warning.

Siri has the same effect.

Any user who does not like Gatekeeper can turn it off on their machine in ten seconds by running this in a Terminal:

    sudo spctl —-master-disable

People will say, no, that’s too big a hammer, it’s not safe… but then, like, what do you actually want? Either you keep Gatekeeper because you like the friction it introduces, or you don’t like that friction and you should go turn it off. Pick one, you obviously can’t have both!

Of course, you as the developer can’t make this choice for your users… but isn’t that as it should be? The user decides what code is allowed to run on their machines. And the default setting is restrictive because anyone who knows what they’re doing can easily change it.

P.S. Meanwhile, on iOS there’s no way to install unsigned software at all, and on Android (starting soon) the process takes 24 hours instead of ten seconds. That is actually ridiculous because it’s taking away user choice.

P.P.S. To be clear, modern macOS has plenty of other restrictions which can’t really be turned off and which I find super annoying. Gatekeeper just isn’t one of them.

Edit: I’ve just learned that as of Sequoia, you have to also tick a box in Settings after running the Terminal command. So maybe it takes 30 seconds instead of ten seconds. That’s mildly more annoying, but still doesn’t really seem like a big deal to me.

My favorite is when someone discovers they haven't yet granted Zoom screensharing permission, and that they need to exit the call to re-launch the application with the permission granted.

> I'm sure that other countries also have plenty of similar services for ID and age verification

laughs in Bundesdruckerei

> I can use SmartID to verify my ID (and age) in about 20 seconds when buying an energy drink at the local grocery store

Where do you have to show ID for that??

I don't get the part about Homebrew. If you're using Homebrew, it doesn't make a ton of sense to use Itch.io. Just use Homebrew. Seems like a more appropriate place to distribute a dev tool anyway. You could set up a patreon and print a link to it when appropriate. That's basically what Vim does.

I agree that Apple is dumb of course.

I am not entirely against the whole notarization thing.

If it is good for the end-user, it is usually also good for the ecosystem a a whole, trust is valuable.

But ffs, they are rich enough to make this a lot less painful and hostile for developers.

And this is not a new thing, I used to develop games for iOS, from the very beginning, and while the process somewhat simplified over time, it was a huge cortisol inducing process, not to mention the regular forced OS+SDK updates where the procedures changes almost every time and could fail in not-so-evident ways.

So, Linux gets a free pass for requiring chmod +x to run his tool, but needing to run xattr on MacOS is somehow worthy of an entire blog post to complain about it?

Serious question - Is it really true that Windows 11 will run an untrusted .exe without a warning?

I went through this recently. Got as far as verifying my identity, which Apple happily accepted as verified from my UK driving license. Unfortunately, they then automatically set my first and last name from that identity verification step, and some how managed to use a section of my driving license number as my surname - a string of random uppercase letters and numbers - and it's impossible to edit it. So fuck them, that's $99 they've lost.

Tangential but this made me appreciate how Gatekeeper is perhaps a notorious example of a great naming choice for a piece of software.