Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

melonDS is not notarised on macOS #2244

Open
ketsuban opened this issue Dec 22, 2024 · 4 comments
Open

melonDS is not notarised on macOS #2244

ketsuban opened this issue Dec 22, 2024 · 4 comments

Comments

@ketsuban
Copy link

Versions of macOS prior to Sequoia allowed running unnotarised code by rightclicking (Control-clicking, two-finger-clicking) the bundle in Finder and choosing "Open", but malware started instructing users to do this. As such, macOS Sequoia removed this process and instead requires you to attempt to run the software in question, open System Settings and in the Privacy & Security pane manually whitelist the software (which also requires typing your user password).

melonDS is signed only with an ad-hoc signature and not notarised, so it falls foul of this change. The problem was reported in #1257, but that issue suffered from a case of the blind leading the blind and was "resolved" by the user taking the above series of actions without explanation (hence the forlorn comment a year after the issue was closed asking what they did). The correct resolution is for Arisotura to incorporate notarisation into the process of creating the .dmg file containing a melonDS bundle.
@nadiaholmquist
Copy link
Collaborator

Probably won't happen. Getting access to a developer certificate usable fur notarization requires a recurring yearly payment and I doubt there's much interest in having to pay that.

@ketsuban
Copy link
Author

You don't have to pay for notarisation on a per-app basis, as long as there's someone willing to use their credentials to have melonDS notarised. (I know Arisotura has interacted with Vicky Pfau, for example, and mGBA is already notarised.) The only downside is that both tools are affected if the signing certificate is later revoked for any reason.

@CasualPokePlayer
Copy link
Contributor

Is this any precedent for app developers doing that? That just sounds like the equivalent of Netflix password sharing, and for obvious reasons that might itself not be kosher as far as Apple is concerned and may itself cause the certificate to be revoked.

@ketsuban
Copy link
Author

I confess I can't find anyone else saying they do it, but it falls pretty naturally out of the purpose of notarisation being trust and security. It's only the equivalent of Netflix password sharing if the point of notarisation is to make a profit for Apple, which it isn't—the money is just a speedbump, similar to Steam requires a downpayment per listing or the deposit required to stand for election in many countries including the UK.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@nadiaholmquist @ketsuban @CasualPokePlayer