by Twisell 589 days ago
Are you sure about your point?

From what I had in mind, notarization is only done developer side before publishing. Client side it's just a check against Apple certificates to verify that the binary hasn't been tampered with since notarization; no phoning home should be involved. (Or maybe just to update Apple certificates).

1 comments

According to this article macOS does do a network request to check the notarization ticket:

https://eclecticlight.co/2023/03/09/how-does-ventura-check-a...

They also check the developer certificate in the OCSP stage.

Both of these are mechanisms where Apple can effectively lock out developers from having a smooth install experience for their software at their discretion.

Isn’t this how certificate revocation flows work?