> On Jan 10, 2013, at 3:28 PM, John Clements <[email protected]> wrote: > > I don't know why Matthew wasn't cc:'ed on this, I've added him. Perhaps this > should just go to dev? > > On Jan 10, 2013, at 2:23 PM, Ryan Culpepper wrote: > >> I'm told that the Mac OS X default security policy has changed (as of 10.8) >> to disallow running unsigned software, so it looks like we need to start >> signing Racket releases. >> >> Eli: Can you work out how to include signing in the build/release process? I >> believe John (cc'd) has the information for PLT Apple Developer account, >> which may be sufficient to get a signing key; otherwise we'll need to >> acquire one. > > I've just logged in as 'plt', and skimmed a long presentation: > > http://developer.apple.com/devcenter/download.action?path=/wwdc_2012/wwdc_2012_session_pdfs/session_702__gatekeeper_and_developer_id.pdf > > (I don't know if you can hit that URL without logging in to the developer > center.) > > The gist of it seems to be this: Although Apple would much rather have you > use the App Store, there is something called "Developer ID" which allows you > to sign and distribute your own stuff. It looks like it uses standard > certificate signing stuff; that is, you submit a "this is my signature" > certificate to Apple, and they sign it for you, and then you can distribute > it with your code to prove that this is your signature, and then also attach > the signature for the code. > > There are a bunch of command-line tools that can help with this: > codesign > spctl > csreq > productsign > xip > > If I understand correctly, however, you have no choice but to fork over $99 / > year to join the Apple Developer Program in order to have them sign your > certificate. > > I believe it's possible to circumvent the whole signature mess… if you > instruct users on how to dig into the innards of OS X to disable code > signing. In other words, that's a major obstacle for normal users. > > Anyone who wants the 'plt' password should let me know, and I'll hand it > over. Naturally, it would be almost as simple just to create another > "[email protected]" developer account; for all I know, someone may already > have done this. > > John Clements >
It’s now 2015, and in Yosemite, it’s quite unpleasant to double-click on DrRacket. You get a nasty dialog, and Racket winds up looking like malware. Can we consider signing the 6.3 release? (Apologies if my e-mail search has missed something significant since 2013…) John -- You received this message because you are subscribed to the Google Groups "Racket Developers" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/racket-dev/1625ffc1-f2b5-4595-921c-de3c6e2f6c55%40mtasv.net. For more options, visit https://groups.google.com/d/optout.
