Code Signing in El Capitan
Gatekeeper rejected the app because I’m using Sparkle 1.5b6. The framework has symlinks to paths on a Mac that I doubt Andy Matuschak uses anymore. That’s completely reasonable: those symlinks could just as easily point to something a lot more damaging that a non-existent directory.
The
--strictoption currently checks the validity of symlinks. You can point a symlink at a path in your own application package,/Systemor/Library, but nowhere else. The code signing rules also allow language translations to be removed, but if they are present they must be unmodified.[…]
Many of your customers will be downloading and running your app on the El Capitan public beta: you should do the
codesign --deep --strictcheck on any new releases to avoid customer support issues. It’s also likely that a similar check will be performed for you when the Mac App Store eventually allows submissions for 10.11.
