About Gatekeeper

Steven Frank:

So, signing allows us to, with very high confidence, ensure that we are who we say we are, and that the data we produce really came from us. Code-signing, then, is simply applying that signing process to executable code like a Mac app. If I try to start up an app, the operating system can validate that the app’s signature is valid, and perhaps also that it is the signature of a known, trusted developer. If it doesn’t pass muster, the OS can refuse to run the application.

This is a smart post and you should go read it. I’m excited about Gatekeeper’s potential. Can you imagine the state of the security industry today if Microsoft had implemented something like this?

It’ll be interesting to see how this shakes out. Will I have to get a developer ID in order to run Bash or Perl scripts? Will I be able to install Perl modules from CPAN if they haven’t been signed? Or can I sign them myself? I don’t know.

I do, however, share Steven’s concerns about the “artificial gulf”:

There remains one thing that is of concern to me. Despite these great strides forward, Apple is walking a dangerous line with regard to features that are only available to App Store distributed apps. … It would be a shame if this trend continues, as it creates an artificial gulf between App Store and non-App Store apps. For example, as things stand today, we won’t be able to offer iCloud syncing in, say, Coda 2, when you purchase it directly from us.

Since these are fairly new technologies, Apple may want to provide additional oversight for programs which use iCloud and Notification Center. Apple may want to get its feet wet slowly before diving in and letting every OS X application in the world start syncing and sending notifications. That’s the “hopeful me” speaking. And I say “hopeful” because this does seem anti-customer.