https://bugs.kde.org/show_bug.cgi?id=496380
--- Comment #16 from rcfa <rcfa+kde....@mac.com> --- (In reply to caulier.gilles from comment #15) > If we run the self-signed command directly in the install script from the > package, It will work ? As it's said in the open source Package application > used to create the MacOS installer : > > "Support for bundle pre- and post-installation scripts" > > http://s.sudre.free.fr/Software/Packages/tech_specs.html > > I have a big doubt here, else this Apple signature to force to pay the > notarization will be a non-sense after all as it can be easily by-passed > (:=))) There’s no reason self-sign shouldn’t work in the installer script, it will however that the user authorizes the command. The point of notarization isn’t to "extract money" from anyone, but to make sure that someone is responsible for the code and potentially embedded malware, and that means IDENTIFYING the responsible party, which is obviously a costly process. Besides, the $99/year give you full access to developer resources, pre-releases, etc. So hardly the type of money that makes Apple rich. The point of self-signing is exactly to allow the sort thing done here, but it must be done by an admin user, so it once more requires someone to take responsibility for the signature/installation; and that’s the whole point: there’s always someone to point the finger at, if things go bad. -- You are receiving this mail because: You are watching all bug changes.
