[GeekyBear]

> The "unsigned" part isn't surprising, considering Apple would never approve it.

Apple doesn't have approval rights when you distribute Mac software outside their App Store.

Signing just requires that you have a developer certificate and pass a virus scan.

[NotPractical]

Just based on the Apple developer documentation, it appears that you're correct: https://developer.apple.com/documentation/security/notarizin...

I was actually surprised not to at least see "your app must agree to abide by some basic terms of service" on the list of requirements. It seems like a mostly automatic system.

At the same time, I would also be surprised if Apple were explicitly alerted by Hollywood lawyers of the fact that an app like Popcorn Time was endorsed in any way by them, and they didn't proceed to revoke the signature.

[jrockway]

I kind of doubt it. Right now Microsoft is paying money to distribute it to people (Github). Code signing is not really any stamp of approval from an "app store" type agency, it's more of a self-certification thing. It's similar to TLS on the Web; Let's Encrypt issuing a certificate says "Let's Encrypt checked that the website was able to receive traffic for the named domain on the issuance date", not "Let's Encrypt wishes that it made this website itself!"