Open MattMcL4475 opened 2 years ago
Signing it with a developer certificate will also notarize it (since newer OSs will require that). Since that can take an hour or so, we should consider moving codesigning to the official release activities.
@BMurri is this an active issue?
Yes, this is active.
At my company we use endpoint management software that prevents our employees from manually trusting unsigned applications. As a result, no one at my company is able to run the mac CoA installer anymore. I imagine other companies in research and healthcare settings would also run in to this problem. Please consider increasing the priority of this issue to help those of us trying to use CoA in companies with these kinds of regulatory and security requirements.
To run the deployer binary on a Mac, the user must manually trust the developer. To avoid this, the deployer binary could be signed with
productsign
with an Apple developer ID certificate: https://developer.apple.com/developer-id/Mentioned in #475