Gatekeeper and Mac OS X 10.9.5
Many Mac developers dropped everything to re-sign apps like Apple asked for 10.9.5, only to learn it doesn’t matter. Terrible communication.
A bit over a month ago, Apple announced big changes to the way Mac OS X versions 10.9.5 and 10.10 will recognize the code signatures of 3rd party applications, hinting very strongly that consequences would be dire for any developer neglecting to re-sign their apps:
[…]
To make matters yet more confusing, a developer who has signed off on the chore of complying with Apple’s requests would not necessarily be able to verify the job was done right, because for example on pre-release builds of 10.9.5 and 10.10, many apps with “old and busted” version 1 signatures unexpectedly passed the system’s Gatekeeper check, contrary to the firm indication from Apple that they shouldn’t.
It’s still not entirely clear to me what happened here. I had an app that failed the Gatekeeper check with pre-release versions of the OS only to pass it with later betas and the release version. Was this because of a bug in the pre-release versions? Or is Apple simply delaying part of the clamp-down?
See also: Major Changes to Gatekeeper in Mac OS X 10.9.5.
Update (2014-09-19): Andrew Cunningham:
This is contrary to a message Apple sent to developers in early August, which indicated that all apps would need to be re-signed to work properly with 10.9.5.
Update (2014-09-24): Jeff Johnson:
What nobody was expecting, and as far as I can tell, what nobody but me has noticed yet, is that the Gatekeeper change, or a significant subset thereof, was included with the 2014-004 Security Update for Mac OS X 10.8.5. There is no mention of this at all by Apple, anywhere, certainly not in the release notes.
[…]
It’s shameful that Apple failed to inform anyone, either developers or users, either before or after the fact, that this significant overhaul of Gatekeeper shipped in the security update to 10.8.5. And since it was a security update, we have to wonder, what was the security vulnerability? Why wasn’t it listed in the security content for 10.8.5 or 10.9.5? According to the hype, Apple is supposedly entering into a new era of openness. According to the reality, however, I see the same old lack of communication.
2 Comments
The whole thing has been a SNAFU since the beginning:
- no explanation why this change was needed.
- no explanation why this change was needed in a minor release.
- poor communication between the guys sending the warning e-mails and the team implementing the change.
It looks like security through obscurity.