[sudhirj]

There is, but even the control click will only allow you to open signed software. Unless you build the software yourself (I'm not sure how homebrew still works) you cannot run it if it's not been notarized by Apple.

Firefox was broken on Catalina for a while, even though the main app was notarized. Some internal binary wasn't notarized, and no amount of control clicking would get Firefox to work until Mozilla notarized everything in the build.

[scarface74]

For users who know what they are doing:

https://forums.macrumors.com/threads/unsigned-apps-catalyst-...

  sudo spctl --master-disable

[sudhirj]

The users who really know what they're doing are going to refuse to disable system integrity protection. I paid a shitload of money for the T2 chip, secure signed boots, a virus-free environment and complete peace of mind from malware. No way I'm turning that off on a work machine.

I have a Raspberry Pi for hacking, I'm happy to root the hobby computers, not the work ones.

[sudhirj]

That's why if find postings like this dangerous. If an author is asking someone to run a command, they really need to explain what the command does and what the tradeoffs are.

[scarface74]

The command doesn’t do anything by itself from what so can tell. It just enables the option to run unsigned code.

[michaelmrose]

I find it weird that you don't expect root privileges on devices you do work with.

It seems like this conflates the notion of having root privileges with turning off security. There is no meaningful connection between the two save in situations where there is no meaningful way to control said security layers save destroying them.

For example refusing to boot a bootloader that isn't signed doesn't require your oem to hold the only possible key that can be used to sign said bootloader.

[pjmlp]

Which are a very tiny percentage of typical Mac users.

[scarface74]

As it should be. The vast majority of users should only run signed software. That leaves the ones who know what they are doing a way to bypass it.

[pjmlp]

You mean those that after doing that just perform "curl | sh" as it has become trendy among the younger UNIX generation?