(no title)

As an open-source developer, is there a way to have my apps pass Gatekeeper without paying the $100/year Apple ransom and notarizing them? I think it’s the crux of the problem.

As I’m writing these lines, Homebrew has 7656 casks in the official cask tap[1]. I’m not sure exactly how many of those are unsigned but if we assume 4000 then signing them all would be an additional $400,000/year extorted by Apple from the open-source community.

Defining HOMEBREW_CASK_OPTS=--no-quarantine in my shell configuration was a good way to avoid this issue without having to manually run dozens of xattr -d every time I run brew upgrade.

Now my only option left is to pull the trigger and make my system globally less secure: sudo spctl --master-disable

Unfortunately, disabling Gatekeeper doesn’t just allow unsigned apps to run: it also completely disable all verifications for signed apps: notarization checks, revocation checks, trust evaluation checks.

[1] curl https://formulae.brew.sh/api/cask.json | jq 'length'