←back to thread

Grayjay Desktop App

(grayjay.app)
510 points pierrelf | 9 comments | 20 Dec 24 17:33 UTC | HN request time: 0.406s | source | bottom
Show context
lkurtz ◴[20 Dec 24 19:47 UTC] No.42474314[source]
Recommending (and running) `xattr -c` can be extremely dangerous. I would suggest withholding Mac releases until they can be distributed/run safely.
replies(4): >>42474522 #>>42475419 #>>42479203 #>>42480732 #
1. crazygringo ◴[20 Dec 24 20:09 UTC] No.42474522[source]
As someone not very familiar, is there any legitimate reason why they say "Our Apple signing/notarization is not entirely done yet"?

It feels extremely suspicious, given that I download lots of other popular utility software from independent devs and I've never had to do that before.

replies(3): >>42474641 #>>42474650 #>>42475640 #
2. jeroenhd ◴[20 Dec 24 20:21 UTC] No.42474641[source]
As a platform that basically started as a way to watch Youtube without tracking and ads, I think Grayjay should be sceptical of any third party code signing validation requirements. The copyright lobby has gone after software and its distributors before, even if it doesn't inherently pirate any content without user configuration.

I don't know why this app would need Apple's signature in the first place, seeing as it's not distributed through the app store. Is this like how you need to pay for a certificate to make the "are you sure you want to run this" prompt look less scary?

replies(1): >>42474817 #
3. lkurtz ◴[20 Dec 24 20:23 UTC] No.42474650[source]
There are a couple of legitimate reasons, namely the expense/KYC process of an Apple Developer Program membership and/or the complexity of integrating signing + notarization into existing build pipelines (but XCode does makes it pretty straightforward to cut an ad-hoc release that is signed and notarized).

In my opinion at least, the most likely reason is that Apple is refusing to notarize the software. If this is the case, people really should not be running it.

replies(2): >>42475438 #>>42479240 #
4. lkurtz ◴[20 Dec 24 20:42 UTC] No.42474817[source]
There are certainly valid, conflicting opinions around signing/notarization requirements for software. But notarization does provide end users with some safety guarantees that legitimately make running the software less risky. The scariness of "are you sure you want to run this" prompts is fairly grounded in real risk assumed by the end user.
5. josephcsible ◴[20 Dec 24 21:53 UTC] No.42475438[source]
Once you buy a Mac, Apple doesn't own it anymore, so them not wanting you to run a piece of software isn't a good reason why you shouldn't.
replies(1): >>42477808 #
6. rane ◴[20 Dec 24 22:18 UTC] No.42475640[source]
Not everyone wants to pay $99/year to be able to notarize software that is not going to make them any money.

https://github.com/disable-gatekeeper/disable-gatekeeper.git...

7. dishsoap ◴[21 Dec 24 05:56 UTC] No.42477808{3}[source]
This used to be true. It is, in fact, not true anymore!
replies(1): >>42480745 #
8. margana ◴[21 Dec 24 12:16 UTC] No.42479240[source]
Apple refusing to notarize it actually makes me want to use it more. That means Rossmann and his associates have got under Apple's skin enough that they would try to sabotage projects that he is involved with.
9. josephcsible ◴[21 Dec 24 17:00 UTC] No.42480745{4}[source]
It's still true. Why do you think it isn't?