Certificates in an installer must be valid when the installer is run. Six years ago, all Apple’s ran out, and it had provide new versions. How to cope with that.
certificates
From its introduction in Leopard in 2006, some were predicting no good would come of it. From 2012 it became important with Gatekeeper, then came notarization in 2018.
We want confidence that all executable code is exactly as was built by its developer, and if any is found to be malicious, we want macOS to be able to block its launch.
How is it going to be harder to run apps that haven’t been notarized in Sequoia, and does it bring any benefit in return for the inconvenience?
Differences between file-based keychains including the login keychain, and Data Protection keychain. How the Passwords app in Sequoia caters for the latter.
iCloud Keychain is apparently the way ahead, but even Apple has a great deal more work to do before that’s feasible. A look at what’s needed.
macOS has two types of keychain, and its tools for working with them, Keychain Access and the command tool security, only work fully with one type.
Ventura aims to improve app security by checking integrity of apps and command tools whenever they’re run. How can it do that without significant overhead?
Are additional Gatekeeper checks in Ventura effective, and worth the effort? Surely malware can bypass them easily.
What are keychains? What do they store? Which are essential on Macs, and why do you get prompted to enter your password for access to them? How secure are they in iCloud?
The Eclectic Light Company 