site_archiver@lists.apple.com Delivered-To: Installer-dev@lists.apple.com Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=prentiss.name; s=prentiss; h=date:from:to:cc:message-id:in-reply-to:references:subject :mime-version; bh=QfqRLBJ6oPlDsgHBSO/Yl8SBNdUWN/el+gBC1fgweSM=; b=ZpS7vRrNFRSnBlF5XGeCieQWk5iog0Al18iczPY12keP5aPKmUu2/Yb/qPX+Nzw28W hyG1ZCK2HThVqtg8AkDL89hFia4nnESyinNgDfMFvmIAa5IAXP9U2BzlgMK+0T4kHwgJ AcwhCJ3XchUCxTAtWqacVWK4VcPcjbPBGdhYc= Yes, but Installer doesn’t stop you from installing something with an expired signature. Gatekeeper does. — -Rob On Aug 11, 2017, 2:46 PM -0700, Stephane Sudre <dev.iceberg@gmail.com>, wrote:

On Fri, Aug 11, 2017 at 9:59 PM, Rob Prentiss <rob@prentiss.name> wrote:

...

Did you do a fresh download of the installer package?

Gatekeeper will only prevent you from opening an installer or app when the file has just been downloaded, or otherwise has the `com.apple.quarantine` extended attribute set. After you've opened the package once, the attribute value is cleared, and gatekeeper don't check anymore.

Regarding the original additional irritation, it's not Gatekeeper that displays the certificate as expired or not depending on the OS version in the UI of Installer.app. This is the SFCertificateView class which is part of the SecurityInterface.framework APIs.

_______________________________________________ Do not post admin requests to the list. They will be ignored. Installer-dev mailing list (Installer-dev@lists.apple.com) Help/Unsubscribe/Update your Subscription: https://lists.apple.com/mailman/options/installer-dev/site_archiver%40lists.... This email sent to site_archiver@lists.apple.com