[plufz]

I also have things I want to change in gatekeeper, but that feature is not one of them. Just gut feeling but I would say 110% of all users, would just click ”start” on every unsigned app if it was that easy.

[Affric]

Bingo. I know I would.

I am the king of knowing immediately when I have fucked up.

“Undo” has made us far too comfortable with mistakes.

[weaksauce]

they could do it like they do it for accessibility settings. you have to opt in for an app and you need to know damn well if it is a reputable app before giving those controls over. there's enough friction in that that it is not done by many apps but not hard enough that it's a huge ask to whitelist the app.

[gblargg]

So have a buried option that power users can flip one time to add an allow button to opening untrusted apps.

[Wowfunhappy]

But that's exactly what `sudo spctl --master-disable` does! You'll still see a warning dialog on first launch.

[gblargg]

So you don't lose any of the protections, just are allowed the option of running anyway (or backing out and NOT running it after getting the warning)?

[Wowfunhappy]

I don’t understand what you mean by “protection”. The “protection” offered by Gatekeeper is that you aren’t able to run unsigned software without going into System Preferences. That’s it. There isn’t some other secret sauce.

Without Gatekeeper, macOS will instead pop up a dialog warning you that the application was downloaded from the internet, and provide an option to run it anyway, on first launch.

[hedora]

That’s good to know, but the spelling of the command is incredibly user hostile, even by modern apple standards.

[Wowfunhappy]

> the spelling of the command is incredibly user hostile

Well the command is spctl, so I assume it stands for (s) Security (p) Policy (ctl) Control.

I agree that "ctl" for "control" is a bit weird but it's a pretty typical Unix convention: pfctl, networkctl, systemctl, etc.