Email or username:

Password:

Forgot your password?
Top-level
Rich Felker

@bob_zim @ieure @chris @porglezomp Disallowing exec and telling you why is a reasonable default.

Lying that it's damaged to trick you into not trying to find a workaround to execute it is vile and user hostile.

8 comments
Brendan B.

@dalias @bob_zim @ieure @chris @porglezomp pretty much any browser will throw up a warning if you make an HTTPS connection to a website with a self signed cert too.

past oral no mad replied to Brendan

@distinct @dalias @bob_zim @chris @porglezomp It's not the same, though: the browser explicitly tells you exactly what the problem is, and offers options for you to choose what to do (proceed or not).

macOS does not do this.

Chris Alemany🇺🇦🇨🇦🇪🇸 replied to past oral no mad

@ieure @distinct @dalias @bob_zim @porglezomp
Sorry, you lost me. There is a pretty clear explanation why this is happening. I am not going to get hung up on the word “Damaged” vs. Something else. It’s not a secret, including the workaround, all someone who really doesn’t want to sign their application has to do is inform their users of the workaround. As others have said, application signing is a pretty reasonable default behaviour to protect the millions of general users.

Rich Felker

@distinct @bob_zim @ieure @chris @porglezomp The browser doesn't lie and say the DNS lookup failed or the host is unreachable. It says the certificate is untrusted and asks you how to proceed.

Zimmie

@dalias @ieure @chris @porglezomp I’m not sure I’d call the message a lie. An app bundle isn’t just a loose binary (this message doesn’t come up for loose binaries), and a signature has been an expected item in the bundle for over a decade. A bundle which is missing expected resources *is* damaged, just as much as if the bundle were missing the Info.plist or some framework it uses.

It should definitely provide a way to find out exactly what about the app bundle is weird. NSError even provides several fields like localizedFailureReason which could easily be used for this.

@dalias @ieure @chris @porglezomp I’m not sure I’d call the message a lie. An app bundle isn’t just a loose binary (this message doesn’t come up for loose binaries), and a signature has been an expected item in the bundle for over a decade. A bundle which is missing expected resources *is* damaged, just as much as if the bundle were missing the Info.plist or some framework it uses.

Go Up