Open wyvern8 opened 10 months ago
Hi @wyvern8, thanks for the issue. We're in the middle of simplifying our release process now that the Rust port is completed. Once we've accomplished that, we can look into signing binaries with a proper Apple developer account.
Hey @NicholasLYang and @mehulkar, just following up on this issue. Has there been any movement on this?
Verify canary release
Link to code that reproduces this issue
x
What package manager are you using / does the bug impact?
npm
What operating system are you using?
Mac
Which canary version will you have in your reproduction?
x
Describe the Bug
The binaries used by Turbo are not signed by an Apple dev account correctly, so Google Santa binary validation policies that only allow valid signers can mean that large organisations are limited to using hash whitelists, which is not sustainable.
https://github.com/google/santa
cli: https://santa.dev/binaries/santactl.html#fileinfo
Expected Behavior
santactl fileinfo turbo
should not return Yes
instead of Yes, but ad-hoc
To Reproduce
santactl fileinfo turbo
should not return Yes
instead of Yes, but ad-hoc
Additional context
No response
TURBO-2009
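The distinction the issue draws between a signer-backed signature and an ad-hoc one can also be checked with Apple's `codesign -dvv`, which prints `Signature=adhoc` for ad-hoc binaries and an `Authority=` chain for certificate-signed ones. The following is an added example, not part of the issue or of Turborepo's code; the function name `classify_signature` and all sample text are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: classify a macOS code signature from `codesign -dvv` text on stdin.
# On a Mac: codesign -dvv ./turbo 2>&1 | classify_signature   (codesign prints to stderr)
classify_signature() {
  local line authority="" team="" adhoc=0
  while IFS= read -r line; do
    case "$line" in
      *"not signed at all"*) echo "unsigned"; return 0 ;;
      Signature=adhoc)       adhoc=1 ;;
      Authority=*)           # first Authority line is the leaf (signing) certificate
                             if [ -z "$authority" ]; then authority=${line#Authority=}; fi ;;
      TeamIdentifier=*)      team=${line#TeamIdentifier=} ;;
    esac
  done
  if [ "$adhoc" -eq 1 ]; then
    echo "adhoc"             # no certificate chain, so no signer for a policy to match
  elif [ -n "$authority" ]; then
    case "$authority" in
      "Developer ID Application:"*) echo "developer-id team=$team" ;;
      *)                            echo "signed authority=$authority" ;;
    esac
  else
    echo "unknown"
  fi
}

# Constructed sample outputs (not captured from the real turbo binary).
SAMPLE_ADHOC='Executable=/tmp/example/turbo
Identifier=turbo
CodeDirectory v=20400 size=1234 flags=0x20002(adhoc,linker-signed) hashes=35+0 location=embedded
Signature=adhoc
TeamIdentifier=not set'

SAMPLE_DEVID='Executable=/tmp/example/tool
Identifier=com.example.tool
Authority=Developer ID Application: Example Corp (ABCDE12345)
Authority=Developer ID Certification Authority
Authority=Apple Root CA
TeamIdentifier=ABCDE12345'

SAMPLE_UNSIGNED='/tmp/example/tool: code object is not signed at all'

for sample in "$SAMPLE_ADHOC" "$SAMPLE_DEVID" "$SAMPLE_UNSIGNED"; do
  printf '%s\n' "$sample" | classify_signature
done
```
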