Many MacOS users are probably used by now to the annoyance that comes with unsigned applications, as they require a few extra steps to launch them. This feature is called Gatekeeper and checks for an Apple Developer ID certificate. Starting with MacOS Sequoia 15, the easy bypassing of this feature with e.g. holding Control when clicking the application icon is now no longer an option, with version 15.1 disabling ways to bypass this completely. Not unsurprisingly, this change has caught especially users of open source software like OpenSCAD by surprise, as evidenced by a range of forum posts and GitHub tickets.
The issue of having to sign applications you run on MacOS has been a longstanding point of contention, with HomeBrew applications affected and the looming threat for applications sourced from elsewhere, with OpenSCAD issue ticket #880 from 2014 covering the saga for one OSS project. Now it would seem that to distribute MacOS software you need to have an Apple Developer Program membership, costing $99/year.
So far it appears that this forcing is deliberate on Apple’s side, with the FOSS community still sorting through possible workarounds and the full impact.
Thanks to [Robert Piston] for the tip.
Looks like Linux is back on the menu
I understand there’s now a halfway decent Linux distribution that will run OK on some of Apple’s hardware.
I mean, until they start demanding signed kernels or whatever.
Why do people buy this stuff?
It’s best to just stay away from Apple hardware. They probably want to lock down their computers like they do their phones. I would imagine that locked bootloaders will be next.
Because people – the people who buy Apple’s products, not you or I – don’t care about this.
They care that it works. They care that it denotes status. They don’t care that they can’t run anything not Apple-approved.
And yes, that’s a problem.
It doesn’t work if you want to run a program from somebody who refuses to pay the Apple tax and jump through Apple’s hoops.
And the only way to actually remove all ways to bypass it would be to prevent you from writing your own program, of any kind, to run on your own computer. Including scripts that ran outside of some ridiculously tight sandbox that made them useless.
At that point, it’s not a computer and it’s fraudulent to sell it as one.
sudo spctl –master-disable
Great, now only real hackers can install malicious software.
This seems more likely to be a bug than anything. Sequoia did disable the ability to launch unsigned apps via right-click (control-click) > open, moving approval of an unsigned app to a location that only appears when you try to launch an unsigned app, at the bottom of System Settings > Security. A lot of these forum posts don’t seem to understand that, and are misunderstanding others that are giving correct advice.
It seems unusual for Apple to add an entirely new process for approving unsigned apps only to drop it one minor version later. An intentional removal would have been big news, and would have arrived with the first betas of Sequoia.
After trying this myself, it does seem the approval section in system setting is not appearing as intended in 15.1, so a bug likely slipped in with the latest release. Annoying, but not an intentional removal like how this news is being characterized.
(Note that the Settings option is not new and was occasionally necessary in some weird edge cases even before Sequoia.)
I’d this was on purpose and not a bug like another comment suggests, then I wonder how long until they get into legal hot water. If they don’t make a free method for signing I could easily see the FTC coming after them.
Since 2006 I have had 2 mac pros, 4 imacs, 5 macbooks, 2 mac minis, and several iphones, ipads and one apple watch. Loved having a unix like underbelly with high quality mix of commercial and open source software. If this stupidity of forced signatures cannot be bypasses… (1) I stop upgrading macos from 14, (2) never ever buy a mac again, and likely (3) drop the entire apple ecosystem from now on. I am sure I am not the only one. Time to dump my apple stock too…