6

My understanding is that Mountain Lion will be released in a configuration that forbids the installation of non-signed applications by default through Gatekeeper.

I currently distribute an open source application; this is a hobby project and I do not charge any money for it. Am I able to sign the code for this application without purchasing a Mac developer membership, or is Apple requiring that all developers pay $99/year to release applications that install on the default configuration of Mountain Lion?

Thilo
  • 257,207
  • 101
  • 511
  • 656
Patrick Kenny
  • 4,515
  • 7
  • 47
  • 76

2 Answers2

3

Note that "you can manually override Gatekeeper by Control-clicking the app and choosing to open it." Not obvious from Apple's description is that you only need to do this once for any given app, so it shouldn't cause much inconvenience to your users one way or the other. Apple seems to understand that if Gatekeeper is inconvenient, people will simply turn it off.

As for whether only paid program members will be eligible for Developer ID certificates after the release of Mountain Lion, I'm not aware of any statement by Apple one way or the other. Developer ID links currently seem to be redirecting free users to the paid program enrollment page, however.

Jason T. Miller
  • 672
  • 7
  • 7
  • from this pdf on apple's website: https://developer.apple.com/library/mac/documentation/security/Conceptual/CodeSigningGuide/CodeSigningGuide.pdf it says on page 12 that you can use self signed certificates to run it on your machine but other computers won't be able to verify your self signed certificate and won't run =/ – mgrandi Jul 28 '12 at 08:20
  • My point was that the default Gatekeeper settings in ML don't actually "forbid" running unverifiable code. As your link points out, other applications of code signing have other requirements, including, in _certain_ cases, a requirement that the code-signing certificate be chained to a trusted root. For examples, see Apple's [technote 2206](http://developer.apple.com/library/mac/#technotes/tn2206/). Even in cases where I can get away with it, though, _including testing_, I generally wouldn't _self-sign_ anything other than a CA root certificate. – Jason T. Miller Jul 29 '12 at 12:13
1

If your application is web based application, you can avoid developer membership otherwise you can't.

Abdullah Md. Zubair
  • 3,312
  • 2
  • 30
  • 39
  • What is a web-based application in this context? And do you have link that you need the *paid* membership (there are free programs, too)? – Thilo Jun 20 '12 at 05:03
  • In this context of avoiding Developer ID signing requirements, a "Web-based application" would be anything you're not delivering as a standalone Mac application bundle, including applications that require users to install custom-built browser plug-ins . . . or, for that matter, kernel extensions. – Jason T. Miller Jul 29 '12 at 12:29