by tsimionescu 2047 days ago
Extremely small - probably in the megabytes range I would guess.

Think about antivirus definitions - those are many, many times larger, and still they have been kept up to date over the internet for decades.


There is a very large list of binaries that can potentially be downloaded, each of which can have hundreds or thousands of versions, while the number of known virus fingerprints is relatively small.

Apple doesn't check binary hashes but the developer certificates these binaries are signed with, of which there are a lot fewer (i.e. Firefox and Thunderbird share the same certificate).

From what I understood, Gatekeeper still sends an application-specific hash/ticket when an application is opened, not just a dev certificate (e.g. https://lapcatsoftware.com/articles/catalina-executables.htm...). Did that change in Big Sur?

The notarization check is on first launch of an app, but it doesn't occur on subsequent launches, unlike the certificate revocation check.

But the first lookup would have to stay, with all the implications that the proposed alternative (download a list of all certs/tickets) was meant to overcome.