(no title)

I'll probably end up adding it myself if you don't want to, because it's actually something I wanted to include originally but forgot to.

This is definitely a huge issue with the current implementation of DMA compliance. Apple's mandatory DRM encryption scheme as part of the notarization process doesn't just block reproducible builds and the improved security that those offer, but also means that third party app stores aren't capable of auditing the apps they offer in any way. If Apple lets something slip through their notarization review (which is not an impossibility, since it's happened on the App Store before), then the third party store carrying that app will be unfairly blamed for the incident.