site_archiver@lists.apple.com Delivered-To: Installer-dev@lists.apple.com Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redlands-qld-edu-au.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to; bh=yy+nt3ybuPP1hWWDRYSieaY05f2el7Oc/7oym4hY+hQ=; b=EvyddQGetctAPAjjIvXxRZbGs2JGEtoSgCemd/e9o9JYe7wCyM6wry7pEiss+xZFQU bwn9gzvOYM9gcqUAHHU4Cp0+MTmc+bcAwDvUke1CD4JskJT+pvj/sViGgmpaAJIbdb3/ x+F01NEG7qwYnVoaXiMa80b7FBQ2HuHWrJe+xScom14kDujCEenRouo34WJ1aP3bXdBJ 3/1U+FHad45jXPOK/Jf1YN4GaGDTTnj05ckkHYLNrG4cq0y0xTM+y9rQd/2VWRCzo4p+ kStpTGGYWU61JW8sBMtSAMeSEnVFOe9CmEklHpzvxXFQg7h5I80LqYchdRSTf73LyGGA eMXg== Signed packages work "well" in scenarios where an app is distributed through the App Store. These apps are likely to be frequently updated, so the issue of a certificate expiring is less of a problem than an app being distributed outside of the App Store. Signed apps/packages is another layer of "trust"; that is, trusting that a bad actor hasn't maliciously compromised the app/package (ignoring that a bad actor can still use an Apple Developer account to get a signing certificate). <trimmed for brevity>
I'm also wondering why installers work this way in macOS in the first place... who's being protected by allowing installers to effectively expire? Why not have it work the same as applications and make the installers remain valid in perpetuity as long as the certificate used to sign them was valid at the time of signing?
- Brian
-- -- Kind regards, *Carl Windus | **IT Support Officer** (Project Manager)* | Dip IT (Networking) *We invite you to visit our website <http://www.redlands.qld.edu.au/>. Read the latest news on our official Redlands Facebook page <https://www.facebook.com/redlandscollege>.*
-- _______________________________________________ Do not post admin requests to the list. They will be ignored. Installer-dev mailing list (Installer-dev@lists.apple.com) Help/Unsubscribe/Update your Subscription: https://lists.apple.com/mailman/options/installer-dev/site_archiver%40lists.... This email sent to site_archiver@lists.apple.com