Apple introduces Developer ID ahead of Mountain Lion's Gatekeeper

124

Comments

  • Reply 61 of 98
    Thank God! At least there is one person on this forum who knows their elbow from a tea kettle!

    And also note that paying the annual fee is required to distribute through the Mac App Store.



    Quote:
    Originally Posted by auxio View Post


    Can we please clear this up once and for all?



    - You can sign up for an Apple developer account for free. This will allow you to get access to developer tools and documentation so that you can create Mac applications. This won't allow you to get a developer ID so that you can sign your Mac applications. You can still distribute the applications you create, but once Mountain Lion comes out, users of your applications who upgrade will have to explicitly change their settings to allow your applications to continue running.



    - If you want to sign your Mac applications in order to avoid the headache of providing technical support for guiding everyone through this process, you must pay the $99 fee.



     0Likes 0Dislikes 0Informatives
  • Reply 62 of 98
    Quote:
    Originally Posted by auxio View Post


    You can still distribute the applications you create, but once Mountain Lion comes out, users of your applications who upgrade will have to explicitly change their settings to allow your applications to continue running.



    From my testing it doesn't affect any apps that have updated using their own updater method. It also doesn't affect apps after they've been opened once. This is the message you get when you choose Control+click or right-click and then Open on the app:
    “app_name.app” comes from an unidentified developer. Your security preferences are set to block installation of applications from unidentified developers.



    Opening “app_name.app” will always allow it to run on this Mac. “app_name.app” is on the disk image “app_name.dmg”. Safari downloaded this disk image today at 11:59 PM from web.site.com.

    [ Open ] [ Cancel ]
    I can't test whether this occurs for all unsigned apps that are on your system after you update Lion to ML.





    Quote:

    While people love to point out how simple this is, it's only simple if you have taken the time to understand it. Most people won't and will simply fire off an irate email/call to technical support.



    That's fine, nothing wrong with a little learning. I think Gatekeeper is considerably easier to comprehend over a phone for both the tech and customer than trying to explain why the app running in a DMG.
     0Likes 0Dislikes 0Informatives
  • Reply 63 of 98
    Quote:
    Originally Posted by DESuserIGN View Post


    I honestly think you might benefit from consulting a mental health professional. I wish only the best for you.



    DESuserIGN wrote: "As an example, I for many years enjoyed a little freeware application called Tea Time [...] Unfortunately with the advent of the developer program, he could only make it available for $1."
     0Likes 0Dislikes 0Informatives
  • Reply 64 of 98
    auxioauxio Posts: 2,795member
    Quote:
    Originally Posted by DESuserIGN View Post


    And also note that paying the annual fee is required to distribute through the Mac App Store.



    Right. I was assuming that everyone knew that much already, but it never hurts to be as clear as possible.



    I'm personally feeling a bit forced into paying the $99 fee, but given that you get high quality developer tools for free (unlike other platforms), I'm not complaining too much.
     0Likes 0Dislikes 0Informatives
  • Reply 65 of 98
    auxioauxio Posts: 2,795member
    Quote:
    Originally Posted by SolipsismX View Post


    That's fine, nothing wrong with a little learning. I think Gatekeeper is considerably easier to comprehend over a phone for both the tech and customer than trying to explain why the app running in a DMG.



    While it's not so bad for the first couple of times explaining it, it gets a bit tedious around a dozen times (i.e. you need to see it from the perspective of the small developer providing their own tech support).



    As for .dmgs, there's also the option of .pkgs (which I prefer to use).
     0Likes 0Dislikes 0Informatives
  • Reply 66 of 98
    Quote:
    Originally Posted by auxio View Post


    While it's not so bad for the first couple of times explaining it, it gets a bit tedious around a dozen times (i.e. you need to see it from the perspective of the small developer providing their own tech support).



    I'm sure it will be but that will likely fade quickly and you can put a README.txt file in the DMG or, better yet, use a background image in the DMG that tells the user what to do the first time they open it. There are certainly solutions available.



    That said, clearly Apple is pushing for singed apps but no one should expect anything less. They care about their bottom line and this means making the Mac more popular which means making it more appealing to users. A few people claiming the "sky is falling" because "it's a slippery slope" to "Fascism," Nazism" or Draconian law" are not going to affect what is good for Apple because it's good for the consumer.



    Quote:

    As for .dmgs, there's also the option of .pkgs (which I prefer to use).



    PKGS can be worse as many don't like to go through an installer before running an app. I like the ZIP files and auto-uncompress into the app. It's clean but that may be a security issue and then you have your app placed in your Downloads folder.
     0Likes 0Dislikes 0Informatives
  • Reply 67 of 98
    auxioauxio Posts: 2,795member
    Quote:
    Originally Posted by SolipsismX View Post


    PKGS can be worse as many don't like to go through an installer before running an app.



    And some people don't like to have the OS decide what's safe to run and what isn't, but we're talking about what's easiest/best for the average computer user here.



    Installers put things in the proper place (/Applications) so that the filesystem doesn't become a mess (but still give an option for a custom location), can be used to take care of setting the right permissions, add the necessary things to run on startup, add system preference items, incorporate signature verification at the installation stage (before the app is ever run). A much cleaner experience for the user, and way more flexibility for the developer.
     0Likes 0Dislikes 0Informatives
  • Reply 68 of 98
    Quote:
    Originally Posted by auxio View Post


    And some people don't like to have the OS decide what's safe to run and what isn't,



    And those people can alter Gatekeeper's settings in 4 clicks.



    Quote:

    but we're talking about what's easiest/best for the average computer user here.



    We are, which is why Gatekeeper is a good thing. Apple is focusing heavily on the Mac.



    Apple will be moving to capture a lot of marketshare from the other PC vendors.



    Quote:

    Installers put things in the proper place (/Applications) so that the filesystem doesn't become a mess (but still give an option for a custom location), can be used to take care of setting the right permissions, add the necessary things to run on startup, add system preference items, incorporate signature verification at the installation stage (before the app is ever run). A much cleaner experience for the user, and way more flexibility for the developer.



    No argument here on the pros of an installer package, but you didn't address the cons. If you want to address just the pros then the Mac App Store wins hands down because it does everything the installer package does except it does it with less steps on the part of the user.
     0Likes 0Dislikes 0Informatives
  • Reply 69 of 98
    auxioauxio Posts: 2,795member
    Quote:
    Originally Posted by SolipsismX View Post


    No argument here on the pros of an installer package, but you didn't address the cons. If you want to address just the pros then the Mac App Store wins hands down because it does everything the installer package does except it does it with less steps on the part of the user.



    Which, now that you have to pay $99 to sign regularly distributed apps, makes more sense. However, I don't like to needlessly drop support for pre-App Store versions of Mac OS X (I have plenty of old Macs kicking around which I put to use for various purposes). So for those (and for people who can't afford a new Mac), I still need to create installers.
     0Likes 0Dislikes 0Informatives
  • Reply 70 of 98
    doh123doh123 Posts: 323member
    gonna kill people who need to use older Xcodes for older OSX versions to make a single version to run on all.. since they require newer Xcode versions to sign apps... uhhhg... making an older 10.4+ app would be impossible to sign.
     0Likes 0Dislikes 0Informatives
  • Reply 71 of 98
    ash471ash471 Posts: 705member
    Quote:
    Originally Posted by DESuserIGN View Post


    Thanks for reforming my argument for me. I never said that. I said Apple charges $99/year to use the Mac App Store. You just twisted it suit your own purposes.



    What? You make no sense. SolipsismX is simply saying that the payment of $99 to be a developer is not required to get a certificate. Or in other words, distributing Apple's signed software can be done for free. The $99 developer fee is required if you want to distribute the software through Apple, which isn't required to distribute OS X software. What part of this do you not understand?
     0Likes 0Dislikes 0Informatives
  • Reply 72 of 98
    ash471ash471 Posts: 705member
    Quote:
    Originally Posted by doh123 View Post


    gonna kill people who need to use older Xcodes for older OSX versions to make a single version to run on all.. since they require newer Xcode versions to sign apps... uhhhg... making an older 10.4+ app would be impossible to sign.



    That is a sacrifice that Apple should be willing to force all developers to make. Old code has to have an end of service date. If you want to run an old machine and old software, then stick with what was available at the time you bought your machine.



    My work still runs Exchanger server 2003 and it kills me to have to run Citrix or OWA email. The IT department is too lazy to troubleshoot a new exchange server and since MS keeps supporting a decade old software platform I have to deal with it. ugh.
     0Likes 0Dislikes 0Informatives
  • Reply 73 of 98
    ash471ash471 Posts: 705member
    Quote:
    Originally Posted by auxio View Post


    Which, now that you have to pay $99 to sign regularly distributed apps, makes more sense. However, I don't like to needlessly drop support for pre-App Store versions of Mac OS X (I have plenty of old Macs kicking around which I put to use for various purposes). So for those (and for people who can't afford a new Mac), I still need to create installers.



    No you don't. The certificate programis free. The $99 fee is to distribute through Apple, which isn't required. What part of free do you not understand?
     0Likes 0Dislikes 0Informatives
  • Reply 74 of 98
    doh123doh123 Posts: 323member
    Quote:
    Originally Posted by ash471 View Post


    That is a sacrifice that Apple should be willing to force all developers to make. Old code has to have an end of service date. If you want to run an old machine and old software, then stick with what was available at the time you bought your machine.



    My work still runs Exchanger server 2003 and it kills me to have to run Citrix or OWA email. The IT department is too lazy to troubleshoot a new exchange server and since MS keeps supporting a decade old software platform I have to deal with it. ugh.



    I'm not talking about old software. Its possible to make a single app that runs on 10.4, 10.5, 10.6 10.7 and 10.8 ... why should we be required to kill off 10.4 and 10.5 just so it only runs on 10.6+ which it already did in the first place?



    Quote:
    Originally Posted by ash471 View Post


    No you don't. The certificate programis free. The $99 fee is to distribute through Apple, which isn't required. What part of free do you not understand?



    You say its free.. please prove it. With a free developer account I try to get to anything about it and it says its forbidden and I need to sign up with a $99/year plan to even view the pages about it... let alone register.
     0Likes 0Dislikes 0Informatives
  • Reply 75 of 98
    solipsismxsolipsismx Posts: 19,566member
    Quote:
    Originally Posted by doh123 View Post


    I'm not talking about old software. Its possible to make a single app that runs on 10.4, 10.5, 10.6 10.7 and 10.8 ... why should we be required to kill off 10.4 and 10.5 just so it only runs on 10.6+ which it already did in the first place?



    Typically when a developer excludes older OSes it seems to be for one and/or two reasons: 1) Cost of supporting older OSes too high compared to profit, and 2) newer APIs that make your app modern and useful aren't available for older OSes.



    Quote:

    You say its free.. please prove it. With a free developer account I try to get to anything about it and it says its forbidden and I need to sign up with a $99/year plan to even view the pages about it... let alone register.



    I'm not as confident as ash471 about the code signing being free for all as the documentation I've read has been fairly ambiguous, never specifically including or excluding the free developer account. That does lean one toward all accounts being included but they also talk about the Mac App Store without specifying.



    If it's for free deve accounts then it won't be too much of a hurdle for malware devs to create a fake ID and then use Xocde to sign their app. When their app(s) get revoked it will only stop new apps from being installed and opened for the first time without the warning, not all previous run apps. IF you charge the $99 then this would limit that eventuality.



    That said, devs can do this now and I don't think it's a problem so I'm leaning more toward ash471 being correct.



    But I digress, You don't see any information about Developer IDs because it's all listed under Mountain Lion at this point. That means only those who have paid the $99 can get access to the developer betas, tools and documentation within that section. That may change, it may not. Apple added Gatekeeper to 10.7.3 but it's default is "Allow applications downloaded from: Anywhere" so it's a toss up. One thing is for certain is this information will be cropping up for the next 7 months before the OS is released which should be more than enough time to address everyone's concerns to the point they are common knowledge on tech forums.





    PS: $10 says Apple changes accounting of Macs and future OSes are free like iOS updates.
     0Likes 0Dislikes 0Informatives
  • Reply 76 of 98
    mjtomlinmjtomlin Posts: 2,699member
    Quote:
    Originally Posted by DESuserIGN View Post


    Hmm . . .

    A fully curated environment on the desktop?

    Seems like a bit of a solution in search of a problem, to me. I've not encountered malware or a virus on any of my Macs in at least 15 years.



    Well good for you, but in this day and age as more and more malware make their way on to OS X, it could become a huge problem for people not in the know. This merely allows Apple to offer another level of protection for those people who NEED it.





    Quote:

    I don't even care for the $99 a year fee for developers. Seems to discourage development of freeware and OSSW, if you ask me. What good are computers if we can't even tinker with them if we want?



    Now sure how this discourages developers from writing free software? I have no problem writing free applications and utilities. I didn't pay Apple anything and I haven't subscribed to Apple's Developer Program either. Furthermore, people who "tinker" with their systems, will know of other methods to obtain software, so this is a non-issue you're worrying over.
     0Likes 0Dislikes 0Informatives
  • Reply 77 of 98
    Quote:
    Originally Posted by DESuserIGN View Post


    Don't get me wrong. I have no problem with transparency and accountability. I just don't care for a totally locked down environment. A fully curated environment seems more sensible with the iPhone, and possibly with non-phone iOS devices. But for the Mac? Sorry I need more flexibility.

    It will be interesting to see how this evolves.



    You're kidding, right? A fully sandboxed system puts the Developer into a position of making all his bounds checking in a row, to optimize the application by leveragin the System APIs and to be able to easily track any malicious code injections due to their own poorly designed frameworks.



    It's a win/win as the Developer gets feedback to fix their actions before it becomes a pattern and the Consumer for not getting their system from becoming a haven of crap.
     0Likes 0Dislikes 0Informatives
  • Reply 78 of 98
    al_bundyal_bundy Posts: 1,525member
    Quote:
    Originally Posted by WelshDog View Post


    How do they vet developers? Seems like if they just issue the ID to anyone then some of those receiving will be criminals. If they "curate" does that means Apple has to evaluate and reverse engineer every piece of software? That hardly seems practical with highly complex software that could take a long time to analyze for nefarious features.



    Those of you who know, please explain how this will work.



    you have to pay $99 with a credit card. criminals hate paying in any form that makes it easy to trace them
     0Likes 0Dislikes 0Informatives
  • Reply 79 of 98
    Quote:
    Originally Posted by DESuserIGN View Post


    Again, the free membership doesn't include the right to distribute (even *free*) software via the Mac App Store. Do you deny this?



    I don't believe anyone ever said that.



    Quote:

    I think Apple's insistence on charging $99/year to distribute freeware through the Mac App Store is a disincentive for freeware developers.



    And you can certainly think that. You're wrong, though. We've shown you every single way in which you're wrong, and yet you still think this. That's fine. The argument seems to be over, though, so pressing the point beyond this without providing any proof is just silly.
     0Likes 0Dislikes 0Informatives
  • Reply 80 of 98
    diddydiddy Posts: 282member
    My question in this would be if the certificate can only be used in Xcode products how would that affect major software developers who do not use Xcode for their projects.... I don't speak from authority but I doubt that they develop in X-code for programs. If that is indeed the case, how are they going to apply such a certificate even if they wanted to but cannot use X-Code?
     0Likes 0Dislikes 0Informatives
Sign In or Register to comment.