Should I be concerned about python 3.6 having no code signature?

Question

I recently downloaded a program that monitors all incoming and outgoing connections and let's me assign firewall rules on the fly. It also conveniently checks the code signature of programs to verify I am not unknowingly running a modified program.

Now whenever I try to run python3.6.6, I get this little warning. Me being paranoid, I deny access and as a consequence am unable to confidently use my anaconda distribution which uses this executable.

which python --> ~/Users/me/anaconda3/bin/python

I already compared the md5 hash of the original tarball file with a new one downloaded directly from the anaconda repository and they matched.

I am not sure exactly how to proceed... Is there a way to manually reinstall python into anaconda without using conda? Or would I be better off deleting my anaconda distribution and performing a fresh install? OR is their an alternative that is much simpler and preferred :)?

Thanks

It might help to know what this program is that you've installed. — darthbith, Feb 07 '19 at 01:46
The program giving me the alerts is called [LittleSnitch](https://www.obdev.at/products/littlesnitch/index.html). — pAulseperformance, Feb 07 '19 at 01:56

score 0 · Answer 1 · answered Feb 07 '19 at 03:37

So I decided to backup my anaconda3 directory and them remove the entire directory which included the python3.6 in question.

I reinstalled anaconda3 with the newest release and littlesnitch reported the same suspicion, this time with python 3.7 as that was the newest version available.

This unexpected result drove me to dig deeper and following my research I came across this https://github.com/Homebrew/homebrew-core/issues/20193 and this https://github.com/Homebrew/homebrew-core/issues/18870.

In summary, it is an invalid code signature, but it's also a bug.

Should I be concerned about python 3.6 having no code signature?

1 Answers1