A Gate With Destiny

February 17th, 2012

On the one hand, I agree with Steven Frank.

But I can’t find it in me to disparage this goodwill effort that Apple has undertaken to not turn every third-party developer upside-down with regard to app distribution. To me it’s a great sign that they’re aware and at some level sympathetic to our concerns, while remaining committed to a high-security experience for users.

On the other hand, there are still some loose ends.

  • Will Developer ID require that developers identify themselves beyond a nickname, an email address and a link? Why? (Or rather, why the lucky stiff, or IceFrog?)
  • What will happen to apps that are currently signed? (For one thing, there are implications to keychain migration.)
  • Will partial signing, so as to facilitate selective fiddling-around, be permitted?
  • Can additional trusted roots and revocation lists be added?
  • What about plugin loading? Will Gatekeeper load an unsigned plugin in a signed app? What about a self-signed plugin in a Developer ID app? Or a Mac Store App?
  • What is the ultimate fate of the “run all code” option?
  • How does Gatekeeper address code that can’t currently be signed (scripts of various flavors, lone binaries)?

And furthermore, at which point will Apple even revoke a developer certificate?

  • Will Apple revoke the developer certificate of a developer like Unsanity, developing addons that use technical trickery to achieve a deeper level of customization?
  • Are apps that Apple, for App Store purposes, consider enabling illegal acts — like Bittorrent clients — acceptable?
  • Apps that include, or are tailored for, porn?
  • What about other apps that are morally ambiguous?
  • Will Apple revoke the developer certificate of a developer like Unsanity, developing addons that use technical trickery to achieve a deeper level of customization?
  • Apps that are legal in the country of intended use, but illegal in the US?
  • Apps that are legal in the US but illegal in the country of intended use?
  • Apps that are legal in the US and legal in the country of intended use, but potentially illegal in other countries?
  • Will Apple revoke a developer certificate at the request of governmental agencies?
  • Will Apple revoke a developer certificate of software that is poorly maintained, severely instable (although not harmful in any way) and seldom updated?

Don’t get me wrong; I am happy that they have listened to the community and to common sense and are willing to offer at least one lasting alternative to the Mac App Store. I also understand that they are just getting out the gates. There are still important things to sort out, and the choices Apple makes will determine the future of the Mac platform and deeply impact those who use it going forward.