> This will only really impact macOS developers without an Apple Developer account, which I guess are a minority. Probably in that minority most are compiling to macOS from Windows or Linux.
This shouldn't change the behavior for these apps - for several years, these apps have been blocked by default, requiring the user to open them from a menu (rather than by double-clicking) to get the option to allow them to run.
The change is in the process for macOS developers with apple accounts - in addition to signing locally with their developer id, the build is uploaded to apple to scan for issues then notarize.
This does give different properties to the app - builds can be individually revoked, and the signature can outlast the developer certificate. It may mean eventually that macOS apps using private API can no longer be signed - that depends on what apple checks/does with the builds before notarizing.
This shouldn't change the behavior for these apps - for several years, these apps have been blocked by default, requiring the user to open them from a menu (rather than by double-clicking) to get the option to allow them to run.
The change is in the process for macOS developers with apple accounts - in addition to signing locally with their developer id, the build is uploaded to apple to scan for issues then notarize.
This does give different properties to the app - builds can be individually revoked, and the signature can outlast the developer certificate. It may mean eventually that macOS apps using private API can no longer be signed - that depends on what apple checks/does with the builds before notarizing.