| Sigh, you're just not getting it, sorry to say. I have NO TROUBLE imagining that Apple will continue to tighten the screws on this, enforcing signing through Developer TOS and requiring MAS apps to pay for distribution certs. Direct download isn't going away, not after all the work that's gone into securing it, but if you think you can sell an app off your own site without giving Apple some identifiable info about who you are and what your code does, prepare to be disappointed. Runtimes won't be disallowed, just that you (the user) are responsible for installing them and keeping things updated. Oh, and for record, my reference to "Perry the Cynic" is no accident...he literally invented how code signing works. https://weblog.rogueamoeba.com/2008/03/07/code-signing-and-y... https://red-sweater.com/blog/514/development-phase-code-sign... http://patft.uspto.gov/netacgi/nph-Parser?Sect2=PTO1&Sect2=H... http://patft.uspto.gov/netacgi/nph-Parser?Sect1=PTO2&Sect2=H... |
And citing the patent office isn’t helping either. Every company patents everything they can.
Direct download isn't going away, not after all the work that's gone into securing it, but if you think you can sell an app off your own site without giving Apple some identifiable info about who you are and what your code does, prepare to be disappointed.
Well today you can. As you have been able to do since the info-Mac archives since before the World Wide Web existed. So unless you can bring back some proof from either your time machine or visiting some other world in the multiverse, I would rather talks about facts as they exist today.
And code signing still won’t stop you from being able to run code that runs on top of a VM or scripting languages without them being signed and you won’t have to do the ctrl-click bypass.
Why is it wrong for Apple not to bundle extra runtimes (scripting/JVM) software that increases the attack surface? Should they also start back bundling Flash?