Go Down

Topic: Notarizing the Arduino IDE for MacOS? (Read 154 times) previous topic - next topic

J-M-L

Apr 11, 2019, 10:29 am Last Edit: Apr 11, 2019, 10:30 am by J-M-L
Hi

I was reading this article Notarization Required for Mac Apps Created With New Developer IDs Starting in macOS 10.14.5

Seems Apple plans to make notarization a default requirement for all software in the future.

is there any plan for the downloadable packaged/executable version of IDE to be notarized? that would reinforce the trust in what we install on our systems.   
Hello - Please do not PM me for help,  others will benefit as well if you post your question publicly on the forums.
Bonjour Pas de messages privés SVP, postez dans le forum directement pour que ça profite à tous

Robin2

#1
Apr 11, 2019, 11:04 am Last Edit: Apr 11, 2019, 11:05 am by Robin2
is there any plan for the downloadable packaged/executable version of IDE to be notarized? that would reinforce the trust in what we install on our systems.  
Just out of idle curiosity does this notarization process require money to be given to Apple?

...R
Two or three hours spent thinking and reading documentation solves most programming problems.

J-M-L

#2
Apr 11, 2019, 12:34 pm Last Edit: Apr 11, 2019, 12:41 pm by J-M-L
I don't know.

You need to get a Developer ID that will be used in the process of signing the code and submit into an automated verification engine

There is a free developer program but also another one for a fee if you want to sell your apps in the app store or get code-level support ($99 per year for a company, no per developer fee)

The process is described here

Quote
Get Your Software Notarized
Give users even more confidence in your software by submitting it to Apple to be notarized. The service automatically scans your Developer ID-signed software and performs security checks. When it's ready to export for distribution, a ticket is attached to your software to let Gatekeeper know it's been notarized.
and in more details there

There is an extra value for developers they highlight,
Quote
If you discover unauthorized versions of your software, you can work with Apple to revoke the tickets associated with those versions
There has been many attacks in the past across platforms with rogue versions of developer tools that inject extra code in your apps... Getting the assurance we download the right version  as compiled by the vendor is of actual value  (in my opinion). (that's why I never got ch340 drivers from China for example)

seems nothing is enforced for the time being anyway, just an annoying pop-up from time to time stating that the IDE is not signed -  so just curious if arduino plans to get signed versions of the IDE
Hello - Please do not PM me for help,  others will benefit as well if you post your question publicly on the forums.
Bonjour Pas de messages privés SVP, postez dans le forum directement pour que ça profite à tous

Go Up