fingerlocks | 1 month ago

OP said something confusing about the Go compiler, so I only added clarification for that one statement.

You walked by half listening to a conversation, stuck your head in the room and said something tangentially related but more confusing.

There are distribution and development certificates that can all be used for signing a binary. Different rules for each, and there's also auto-signed (com.apple.provenance). It's all documented on Apple's website if you want to read more about it. But I suspect you already know this and are just trying to pick a fight.

lapcat|1 month ago

This is a gross mischaracterization of the thread. I replied to spondyl, not to you. Then you replied to me, so if anyone was "trying to pick a fight" involving me, it was you.

The crucial point is this: there are no builds that expire on macOS. Developer ID signed builds do not expire. Ad hoc signed builds do not expire. When the Developer ID code signing certificate expires, it cannot be used to sign new builds, but the old builds last forever. Build expiration is not a thing in any case.

So when spondyl asked, "Just to be clear, you're saying that .app bundles (and CLI tools) distributed outside of the App Store (and CLI tools) will continue to operate once the expiration date of the signing certificate has passed?" and you responded "No, sorry. That's not what I'm saying." that was actually confusing, not what I said.

The only reason the Logitech software died is that Logitech itself was doing some custom and badly designed validation above and beyond anything that macOS itself does. Your mention of App Store apps and CLI tools was itself a tangent and completely irrelevant to the issue.

fingerlocks|1 month ago

So what happens when I codesign with the --expires flag?