by adastra22 648 days ago
Anything you compile on your own system you can run. This only affects downloaded binaries.

Yes, so we should move to a source-based package manager and build system, like FreeBSD ports.
There are plenty of options for that on macOS, the most common being homebrew and MacPorts.
Homebrew defaults to downloading binaries.
Defaults to. You can tell it to compile yourself, if that matters to you. I don’t see what the issue is here. Why is it a problem that it defaults to binary distribution?
The biggest problem is that the defaulting to binary distribution also means that building from source is unsupported.

> Building from source takes a long time, is prone to failure, and is not supported.

Having issues building your Homebrew packages from source? Well, you better not take it to the bug tracker.

> The biggest problem is that the defaulting to binary distribution also means that building from source is unsupported.

I don't think it means that at all. They're both clearly supported by homebrew — one just happens to be the default. You can always use -s or --build-from-source to build whatever package you are installing.

Thanks for confirming the nightmare.
I mean, you can download source if you want to run it. It isn’t a complete nightmare yet. I think we’re still in a grey area. This will help some people still, though it’ll definitely hinder others (myself included).

Once you need to be in the apple developer program to build and run from source or something, that’ll be a legitimate nightmare. But we’re nowhere near that yet.

> Once you need to be in the apple developer program to build and run from source or something, that’ll be a legitimate nightmare. But we’re nowhere near that yet.

When Quarantine was released in Leopard, and Gatekeeper in Lion, and System Integrity Protection in El Capitan, and then "Allow from Anywhere" was removed as an option in Sierra... Each time, people were saying similar things. "Yea, it's bad, and it's getting consistently worse with every release, but surely we are nowhere near 'really bad' yet!"

To me these are clear security improvements; things are not getting worse. And there is absolutely no reason to think they'll be dropping support for end users running their own compiled software.
The obvious end point would be the same as iOS, which is to say - you can run it to your heart's content, provided that you shell out for a dev certificate.
That is not at all obvious.
> Once you need to be in the apple developer program to build and run from source or something, that’ll be a legitimate nightmare. But we’re nowhere near that yet.

This is the case for building and running things with restricted entitlements and system extensions.

Unless you disable system integrity protection entirely, which locks you out of your purchased App Store software, DRM content, etc.

> which locks you out of your purchased App Store software, DRM content

Also false. But Apple's glad you believe in that.

It does lock you out of iOS apps, Apple Pay, and 4K streaming of DRM content [1]. But that's not so bad I suppose.

[1] https://github.com/cormiertyshawn895/RecordingIndicatorUtili...

I was mistaken; I was conflating Permissive Security with SIP. Permissive Security does have those limitations.
You can no longer disable system integrity protection.
Source?
The release notes for Sequoia.
Care to explain the nightmare to someone who seriously doesn't get it?

I can run any open-source software I want. Other people can't run my precompiled binaries unless I opt into an attestation system that lets the OS respond to and pre-emptively block binaries from developers found to be issuing malware. Open source is unaffected.

I seriously fail to see what is wrong here.

That would kill a lot of old software, though. Especially games.
I challenge you to find old software that still runs on modern Macs which was never code signed. Note that support for 32-bit applications has been retired, and x86 applications will eventually be sunsetted as well. This isn't Windows.
Indeed, the current state of affairs on the Mac is the consequence of Apple repeatedly making this kind of choice. That doesn't make it any less frustrating when things that worked before stop working after.