by jezek2 647 days ago
As a creator of a programming language that can compile binaries of any supported platform from any platform, it is an unsolvable problem.

I can't do the signing as it requires Apple stuff. Not to mention it is unethical to require it as it's used for gatekeeping not just security (requiring Apple to decide if you can run an executable is unacceptable).

Compare it to Android where you can use self-signed certificates and it has an actual function, it allows updates signed with the same certificate to access the existing stored data on the device. It improves security without gatekeeping. At least that was on the older Androids, haven't done work on any newer ones.

I can't do some kind of universal launcher that is signed by me because it would allow running arbitrary code and therefore it would be banned.

Therefore the only solution is to search for various workarounds (e.g. by teaching the users how to run the software) or, if not possible anymore, stop supporting newer versions of macOS and rely on web applications to support the platform (like it's the only way on iOS).

Which would be even worse on the desktop as the usability can be quite bad, but at least users would have some chance to use the applications even on their closed system.

2 comments

I hope you're able to see how your use case is incredibly niche, and should not be a priority for a general security model for an operating system.

Your problems are extremely insignificant in the big picture, where the priority of a serious operating system should be to support regular people in avoiding malware and malicious social engineering. macOS is a general purpose operating system, not a hobbyist or tinkerer OS, and the vast majority of its users are non-technical.

I get that it's annoying, but pushing the work on you is a massive benefit to your users.

You're right that as a developer of the language it's quite a niche position, however the language is then used by developers to create actual applications and they're affected by this, or rather the users are.

It can also be used from a C/C++ project so you can do all the required steps, but it's quite a bit more involved compared to simply building the software for all platforms at once.

It's also not related to how popular my language is. It affects any language including C/C++ if you want to have unified cross-compilation to all supported platforms (which is quite typical for any serious project).

You may not be aware, but Apple has put up roadblocks for such usages as well: you can't rent a Mac VM for automatic builds, it has to be rented for 24 hours at minimum. Using someone's private Mac for building may not be a good idea for various reasons.

And then you compare it to other platforms that don't require anything like this. I even mentioned Android which shows that you can use signing to provide a security aspect without the gatekeeping aspect.

The issue is wider and basically it's anticompetitive behavior by Apple toward any competitor to Xcode.

You can sign macOS executables without macOS hardware

A paid developer account would be required by every developer wishing to publish their cross-platform application also on macOS. Even if it was free it would be an issue because it would require an extra registration and workflow that requires internet access and having Apple arbitrarily decide that your application (or you as a developer) is banned.

Therefore instructions on how the users can run the application are the only solution.