Grayjay Desktop App

(grayjay.app)

512 points pierrelf | 2 comments | 20 Dec 24 17:33 UTC | HN request time: 0s | source

Show context

lkurtz ◴[20 Dec 24 19:47 UTC] No.42474314[source]▶

Recommending (and running) `xattr -c` can be extremely dangerous. I would suggest withholding Mac releases until they can be distributed/run safely.

replies(4): >>42474522 #>>42475419 #>>42479203 #>>42480732 #

crazygringo ◴[20 Dec 24 20:09 UTC] No.42474522[source]▶

>>42474314 #

As someone not very familiar, is there any legitimate reason why they say "Our Apple signing/notarization is not entirely done yet"?

It feels extremely suspicious, given that I download lots of other popular utility software from independent devs and I've never had to do that before.

replies(3): >>42474641 #>>42474650 #>>42475640 #

1. jeroenhd ◴[20 Dec 24 20:21 UTC] No.42474641[source]▶

>>42474522 #

As a platform that basically started as a way to watch Youtube without tracking and ads, I think Grayjay should be sceptical of any third party code signing validation requirements. The copyright lobby has gone after software and its distributors before, even if it doesn't inherently pirate any content without user configuration.

I don't know why this app would need Apple's signature in the first place, seeing as it's not distributed through the app store. Is this like how you need to pay for a certificate to make the "are you sure you want to run this" prompt look less scary?

replies(1): >>42474817 #

2. lkurtz ◴[20 Dec 24 20:42 UTC] No.42474817[source]▶

>>42474641 (TP) #

There are certainly valid, conflicting opinions around signing/notarization requirements for software. But notarization does provide end users with some safety guarantees that legitimately make running the software less risky. The scariness of "are you sure you want to run this" prompts is fairly grounded in real risk assumed by the end user.

↑