I don't quite understand people complaining about macOS apps. You aren't forced to publish in the app store. You can still disable Gatekeeper. You can disable code signature and entitlement enforcement altogether, although the process is messy. There's still nothing technically stopping you from avoiding Apple policies.
You can try to understand why macOS developers are frustrated with Apple by reading some of these[1] comments on HN.
> You aren't forced to publish in the app store.
If you don't pay $100 each year to Apple, macOS will treat your app as if it is radioactive. If your users don't know the magic security ritual to run un-notarized apps is, the app will just appear to be broken.
> You can still disable Gatekeeper.
Yes, if you're a power user. Apple is removing the ability to easily run un-notarized software in future macOS releases.
> There's still nothing technically stopping you from avoiding Apple policies.
Apple's literal technical limitations for distribution and execution of applications for apps that can't make it through Apple's approval process for notarization prevents users from using the applications they downloaded but Apple doesn't approve of.
It does say right there that Big Sur will be requiring signatures on all binaries, but it does actually specifically say that a self-signed certificate would be enough.
If someone wants to distribute apps without notarizing them, it's just a matter of adding instructions on how to bypass the notarization check.
And again — there's shouldn't be a party more trusted than the device owner. Otherwise I'd characterize such an OS as malware.
> If someone wants to distribute apps without notarizing them, it's just a matter of adding instructions on how to bypass the notarization check.
In the future, that will require disabling SIP. Good luck explaining to a non-power users how to do that.
Your analysis ignores the anticompetitive behavior Apple is engaging in. By making unapproved software second-class citizens on macOS, only apps that get Apple's approval through the Notarization or App Store process can be run easily by users.
Are you sure about that? Catalina has this "developer tools" permission that allows running unsigned/non-notarized binaries. Xcode grants that to itself, but you could as well grant it to things like Terminal and run your app from there. Bonus points for including a shell script with your app so the user doesn't have to run "scary" commands manually.
Yes, there are going to be (one-time) UX compromises, but I think it's possible to make it feel more or less okay for the average user.
Jeez, have some empathy for regular people. The whole damn point of those measures on Apple's side is to introduce friction and make it excessively hard to install non-notarized apps. It's already bad and unusable by most average people, and that's exactly the goal.
> Apple is removing the ability to easily run un-notarized software in future macOS releases
Actually I'm now thinking that I'd make a launcher. The only thing that you have to grant scary permissions to, and then run whatever the hell you want on the device you bought.
In practice you can't really expect to distribute free or commercial macOS software without paying the $99 anual fee. Even outside the MAS.
Non tech users don't even understand what Gatekeeper is or how to disable it. Most will think an unsigned app is a virus or whatnot.
Even in Catalina you need to open the terminal to enable the "everywhere" option and disable gatekeeper. I'm sure this is only going to get worse from now on.
> In practice you can't really expect to distribute free or commercial macOS software without paying the $99 anual fee. Even outside the MAS.
I have a small free app (month calendar widget for the notification center) and it's self-signed. No one has had any problems running it — none that I'm aware of, anyway.
> Non tech users don't even understand what Gatekeeper is or how to disable it.
It feels like non-tech users at this point are used to computers acting up and being unreliable and thinking that everything is a virus. Windows users that installed an antivirus have had that same experience since about forever.
> Even in Catalina you need to open the terminal to enable the "everywhere" option and disable gatekeeper.
They've had this going on for a while. On Mojave too. Also it sometimes automatically reverts the setting to "only known developers" and you have to use another `defaults write` command to prevent that from happening in the future. This doesn't help with security, this is just plain annoying.
