Code signing changes

Mark or Shane,

“Code signing identity menu” in the post “SD8: Where Did It Go?” says

It is not clear from this in which system release does the the change occur that makes the new code signing required. Should announcements about this requirement change be made to let people know if they want to still be able to use the old way they will need to hang onto the older SD 7?

Bill Kopp

Can you explain why someone would want to continue using the old way?

A large scripting project handling and coordinating a lot of things can sometimes be a pain to shift to a new OS version. Often times older bigger projects are only worth updating if I can patch around a few problem spots. That’s something I’ve done many times. If I were still doing it for a living I would care a lot about what version requires the change. This kind of change can make older things no longer work with newer systems.

I am not saying it’s a bad thing to implement the change. Knowing when the new way is required tells me if I am thinking of updating from an older system if the update will make scripts, and script embedded in other apps, harder or not. “To update” or “not to update” is a question all developers and scripters face. It is just useful information to make the decision easier. I am running still on Mojave because I absolutely found Catalina annoying and I haven’t looked at “Big Sur” yet.

Bill Kopp

Notarization has been required to pass Gatekeeper since macOS 10.13.6, and there’s no reason notarization should affect whether an app will run on versions earlier than that.

If people are writing software meant to run only on versions before 10.13.6, then yes, they should probably stick to version 7.

To put it another way, the change reflects the fact that Apple has effectively made the old style of codesigning effectively pointless for scripts unless they will only ever run under macOS 10.12 or 10.13.<5.