{"id":49994,"date":"2025-11-10T15:08:34","date_gmt":"2025-11-10T20:08:34","guid":{"rendered":"https:\/\/mjtsai.com\/blog\/?p=49994"},"modified":"2025-11-10T15:08:34","modified_gmt":"2025-11-10T20:08:34","slug":"fsf-eu-notarization-complaint","status":"publish","type":"post","link":"https:\/\/mjtsai.com\/blog\/2025\/11\/10\/fsf-eu-notarization-complaint\/","title":{"rendered":"FSF EU Notarization Complaint"},"content":{"rendered":"

Free Software Foundation Europe<\/a> (via Hacker News<\/a>):<\/p>\n

The EU’s Digital\nMarkets Act (DMA)<\/strong><\/a> aims for a structural reset of\npower in digital markets, a shift from corporate control toward\ndevice neutrality<\/strong>, where users decide\nwhat runs on their devices. For Free Software, this legislation can be a\nunique opportunity by finally opening closed ecosystems - like iOS - to\nFree Software alternatives. Apple has reacted aggressively against the\nDMA, litigating\nagainst regulators<\/a>, and unfairly\nexcluding Free Software from iOS and iPadOS<\/a> by blocking the\nunfettered installation of software (sideloading), prohibiting\nalternative app stores, and hindering interoperability.<\/p>

[…]<\/p>

Apple’s complete\nreview of apps<\/a> – known as “notarisation” process<\/strong> -\na mandatory step for distributing any software on its\nplatforms, represents the very gatekeeping behaviour the DMA was written\nto prevent.<\/p>

Notarisation forces all apps, even those distributed outside Apple’s App Store, to be submitted to Apple’s servers for scanning,\napproval, and cryptographic re-signing before installation. The result\nis that Apple retains full control over what software users can install\nand how developers can distribute it. This transforms Apple’s\nself-appointed “security review” into a choke-point of power, locking in\ndevelopers and users into the company’s proprietary ecosystem.<\/p>

[…]<\/p>

The alternative to\nApple’s notarisation already exists, and it works.\nDecentralised curation<\/strong>, as practised\nby repositories like F-Droid<\/strong><\/a>,\nshows that security and software freedom coexist inherently. Instead of\nconcentrating trust in a single private authority, decentralised systems\ndistribute it: through transparent verification pipelines, reproducible\nbuilds, and community audits. Users choose whom to trust, and curators\nare accountable to the public, not to corporate shareholders. This model\nembodies the DMA’s vision of interoperability and openness far better\nthan Apple’s notarisation.<\/p><\/blockquote>\n\n

I continue to have problems with even the automated notarization for Mac apps. Seemingly every other build these days, I get an error like this:<\/p>\n

[15:16:58.729Z] Warning [KEYCHAIN] Couldn't find keychain item matching [\"r_Attributes\": true, \"acct\": \"com.apple.gke.notary.tool.saved-creds.AppleNotaryProfile\", \"sync\": \"syna\", \"labl\": \"com.apple.gke.notary.tool\", \"class\": genp, \"m_Limit\": m_LimitOne, \"r_Data\": true]. An error occurred while accessing the keychain. The specified item could not be found in the keychain.\n[15:16:58.729Z] Info [KEYCHAIN] No Keychain password item found for: AppleNotaryProfile\nError: No Keychain password item found for profile: AppleNotaryProfile\n<\/pre>\n\n
The first few times, I would run notarytool store-credentials<\/code> to fix this, but I later found that the item really is still in the keychain, and if I keep retrying the notarization it will eventually work. So, aside from the broader policy question, the reality on the ground is that notarization was introduced more than 7 years ago (with macOS 10.14) and it still adds friction and unreliability<\/a> to the development process.<\/p>\n\n
Hammer<\/a>:<\/p>\n
We need to push a phrase like “freely installed apps”. Don’t use their terms. When Apple talks “sideloading” correct the record “I don’t want sideloading from the App Store either, I want freely installed apps from anywhere”.<\/p>
[…]<\/p>
At this rate I think we’re all going to end up using Steve Jobs’s original “sweet solution” to break free.<\/p><\/blockquote>\n\n
Previously:<\/p>\n