Codesigning everything and combatting malicious code

Joshua Root jmr at
Thu Mar 24 18:24:25 UTC 2022

On 2022-3-23 08:19 , Ryan Schmidt wrote:
> On Mar 21, 2022, at 23:02, Joshua Root wrote:
> Are we sure that ad-hoc codesigning is enough to pacify GateKeeper? Since all binaries must be codesigned on Apple Silicon, does that mean that GateKeeper never has anything to complain about on Apple Silicon systems?

No. As I said before, an ad-hoc signature does nothing to improve 
security, and the designers of GateKeeper are aware of that. Having a 
signature from someone you've never heard of doesn't help in deciding 
whether to trust the signed item.

I think what it does do is prevent repeated authorisation prompts for 
the same program, as long as GateKeeper can see that its signature has 
not changed since last time the user said to trust it, and is still valid.

- Josh

More information about the macports-dev mailing list