For me, quite a few? Internal tools at work, open source projects which publish builds on their github, that sort of stuff.

(And no, paying Apple a yearly subscription for the privilege of letting users run an app is not a reasonable expectation of small open source projects)

Problem solved.

I can't do the signing as it requires Apple stuff. Not to mention it is unethical to require it as it's used for gatekeeping not just security (requiring Apple to decide if you can run an executable is unacceptable).

Compare it to Android where you can use self-signed certificates and it has an actual function, it allows updates signed with the same certificate to access the existing stored data on the device. It improves security without gatekeeping. At least that was on the older Androids, haven't done work on any newer ones.

I can't do some kind of universal launcher that is signed by me because it would allow to run arbitrary code and therefore it would be banned.

Therefore the only solution is to search for various workarounds (eg. by teaching the users how to run the software) or if not possible anymore stop supporting newer versions of MacOS and rely on web applications to support the platform (like it's the only way on iOS).

Which would be even worse on the desktop as the usability can be quite bad, but at least users would have some chance to use the applications even on their closed system.

Your problems are extremely insignificant in the big picture, where the priority of a serious operating system should be to support regular people in avoiding malware and malicious social engineering. macOS is a general purpose operating system, not a hobbyist or tinkerer OS, and the vast majority of its users are non-technical.

I get that it's annoying, but pushing the work on you is a massive benefit to your users.

It also allows to be used from a C/C++ project so you can do all the required steps, but it's quite more involved compared to simply building the software for all platforms at once.

It's also not related to how popular my language is. It affects any language including C/C++ if you want to have unified cross-compilation to all supported platforms (which is quite typical for any serious project).

You may not be aware but Apple has put roadblocks for such usages as well, you can't rent a Mac VM for automatic builds, it has to be rented for 24 hours at minimum. Using someone's private Mac for building may not be a good idea for various reasons.

And then you compare it to other platforms that don't require anything like this. I even mentioned Android which shows that you can use signing to provide a security aspect without the gatekeeping aspect.

The issue is wider and basically it's an anticompetitive behavior of Apple to any competitor to Xcode.

Therefore instructions how the users can run the application is the only solution.

Enough for this to be annoying. Plenty of tiny tools don't pay for the privilege of doing free work, so aren't signed

> This is one of those features where the benefits seem to very obviously outweigh the drawbacks. 99.9% of users just aren't running unsigned software, so the moment that happens, it is most certainly malware.

You're obviously wrong with your made up stats (you don't need to be a power '1% user to want to install some a single useful unsigned app over the whole lifetime of using a Mac) and ignore the fact that part of the reason why it's 99% and not 88% is precisely because of features like this that make it harder to do so.

But there is an easy way to reconcile - make the old behavior configurable then the imaginary nonexisting 0.0000% users can continue without permanent disruptions

I don't really see how the average user is positively affected by these changes - it's not like they will accidentally open terminal and enter random strings infinite monkey theorem style until they hit sudo spctl –master-disable. Ctrl-click was at least possible to stumble over, but I see no good reason not to at least provide a .plist setting to re-enable that behavior. Except to bully more devs into getting signing certs.

These are real, tangible risks.

That has never been true. Neither for pro- nor casual users. This might be good for the bottom line of Apple, but I doubt that too, since they squander their reputation. This is non-engineers calling the shots, just like Jobs warned us about.

I do run quite a few unsigned apps and I don't even use a mac that often. This is just stupid...

Link to the talk or interview or whatever where he talks about this?

1. Need to disable gatekeeper to run unsigned code. 2. Need an active developer account. 3. You can't run downloaded unsigned code.

Driving them off Mac would be a gigantic mistake that over time would lead to the fading of the whole Apple ecosystem.

I think the mistake already happened, you can see fewer and fewer macOS only software and there is very little in the way of novelty/exclusivity (both iOS/macOS). Devs are now more and platform stuff more and more (mostly web technologies because it makes for good UI even though performance is not the best, it doesn't matter with today's powerful machines.

I'll add that one key point that Apple was better on is becoming very moot: software optimisation (performance and UI) matters a lot less in today's cheap powerful computing. Apple is supposedly selling top of the line hardware but skimping every way possible so in the end, when price matched, competitive hardware does not do worse no matter how bad the softwares are optimized on concurrent platform.

Then the usage of the platform will end for many users & developers. One could still live a quite long time on the older systems to ease the transition out.

I do create macOS binaries, although they mostly are just a byproduct if targeting it is trivial. Of course I do not sign any of them, to me that is more or less a scam comparable to ransomware.

This way I support Windows 2000 or newer, MacOS 10.6+, up to 15 years old Linux distributions with the same small binary for each platform, I did an extra mile in supporting WebAssembly target so it's easy to compile the applications to the web. This also allows to create applications for smartphones without the need for approval and having to follow any weird arbitrary rules.

Why support such old versions? Real world users are often stuck with old versions for various reasons, it's a minority of users but they can be the most important ones. And technically because the difference between these old systems and new systems is not that big. Often it just means to use some older API or do a few extra steps. It's all hidden in code that handles multiplatform stuff so it's not in the way. It doesn't add bloat either.

Well yeah because they are very sensibly doing it extremely slowly. Microsoft is doing the same thing; they're just a fair bit behind Apple.

They have been ratcheting down on freedom in OS X (and then MacOS) since 2011 or so when I stopped using Apple for personal use. The introduction of the Mac App Store, subsequent lackluster performance, and introduction of scary warnings about running unsigned code in MacOS tell most all of the story. This latest update is just another step in that direction, making running unsigned code that much more difficult. The obvious endgame is to raise the next generation of Mac users to only use the Mac App Store for software, effectively replicating the golden goose that the iOS App Store has proven to be.

Some poor schmuck would find a viral comment that said something like "Mark Zuckerberg doesn't want you to know how to get Facebook Premium! Copy and paste this code into your browser, ignore Facebook's warnings, they don't want you to get it for free!" And badabing badaboom, stolen credentials get sent to some server.

I don't work at Apple and can only speculate on their motive, but since I advise my family to use macOS, it's my hope that this change would prevent them from reading something like "download this scary blob and then ctrl+click on it to open it for free Photoshop! Ignore Apple's warning, Adobe has paid them because they don't want you to get it for free!"

It does make it slightly more inconvenient for me, but I think chromedriver may be the only unsigned code that I run regularly.

More and more, I find that these sorts of "we know best" attitudes towards security utterly distasteful and the total opposite of empowering. Infantilizing, more like.

What I'd like is upon setup it asks if this is a dev machine, and change the preferences.