| I'll jump in here and say that it probably _is_ notarization. The issues arrise when osx thinks it can get a connection to ocsp but actually because of real world consequences it can't. This can cause a delay of upto 5 seconds while it times out. Some specific examples, No internet connection: instant fail over Blocked OCSP firewall or whatever: instant fail over Slow internet but still able to reach: slow start: 1+ seconds Bad internet, not able to reach: 3-5 second delay waiting Normal internet, OSCP reachable: <1 second delay Disabled trustd: Nothing will start, single user mode and trustd restore required I've experienced all of these and is one of the reasons I have a shiney new Framework laptop sitting waiting to be migrated over to.
Also the "only on first run" also isn't true. It periodically checks for certificate revocation (as it should) and therefore will cause issues at sporadic intervals. And the kicker of course is that all this is via plain ol' http, so everyone knows what developer's programs you're starting via the hash. |