On 2020-01-24 17:41, Tony Trivia via use-livecode wrote:
Thanks to all who replied. The scope of my concern is strictly for
MacOS
standalone builds that are distributed outside of the App Store.
Such builds are blissfully simple compared to mobile device builds. For
years, I've been able to sign such apps without any provisioning certs.
(Since Apple has virtually no role in the distribution, it is not
involved
in the beta testing or updating of the app.) All I've needed to build
releases is the standard Developer ID Application cert, and those are
typically good for five year spans. But, eventually I won't be here to
renew the thing and I'd like any apps I make to carry on. So I hope
JLG's
prediction is correct!
I believe that as long as you sign, notarize and then staple the results
of the notarization to your app (or DMG - if you distribute using that
method) then expiry of your developer id / certificate (should that
occur)
will have no effect on them.
Just signing is no longer sufficient for the OS to verify an app on
Catalina
(and it seems, to a certain degree, on recent versions of Mojave!).
Notarizing but not stapling means the OS will always do a 'callback' to
Apple's servers to check integrity.
Stapling after notarization means the app is verifiable as it is.
At least that is my interpretation of the recent changes...
Warmest Regards,
Mark.
--
Mark Waddingham ~ m...@livecode.com ~ http://www.livecode.com/
LiveCode: Everyone can create apps
_______________________________________________
use-livecode mailing list
use-livecode@lists.runrev.com
Please visit this url to subscribe, unsubscribe and manage your subscription
preferences:
http://lists.runrev.com/mailman/listinfo/use-livecode
