|
|
|
|
|
|
by scarface74
2535 days ago
|
|
|
So you realize you’re kind of arguing against your point? He made a prediction that still hasn’t come true over a decade later. And citing the patent office isn’t helping either. Every company patents everything they can. Direct download isn't going away, not after all the work that's gone into securing it, but if you think you can sell an app off your own site without giving Apple some identifiable info about who you are and what your code does, prepare to be disappointed. Well today you can. As you have been able to do since the info-Mac archives since before the World Wide Web existed. So unless you can bring back some proof from either your time machine or visiting some other world in the multiverse, I would rather talks about facts as they exist today. And code signing still won’t stop you from being able to run code that runs on top of a VM or scripting languages without them being signed and you won’t have to do the ctrl-click bypass. Why is it wrong for Apple not to bundle extra runtimes (scripting/JVM) software that increases the attack surface? Should they also start back bundling Flash? |
|
|
Watch WWDC 2019 Session 701, you'll learn something.
https://developer.apple.com/videos/play/wwdc2019/701/
> And code signing still won’t stop you from being able to run code that runs on top of a VM or scripting languages without them being signed and you won’t have to do the ctrl-click bypass.
It is easy to do this? No, in many cases I'd expect it to be a serious P.I.T.A, but it's unquestionably the right move going forward.
https://mjtsai.com/blog/2019/06/17/notarizing-command-line-t...