Download some vital free software, mount its disk image, run the Installer package there – but why does Ventura refuse to install it, and what you do?
package
The Finder is happy to create aliases to most files and folders, provided they aren’t immediately inside a bundle or package. Then it gets all fussy. But why?
How macOS updaters have changed over the last decade, and why they’re far more reliable, but you can’t download a standalone updater any more.
App signatures remain valid forever, but Installer packages are different, and their certificates can and do expire. What about notarization though?
If you use the Installer app the wrong way, it will open an ad-hoc signed package and quietly install apps which don’t get checked by Gatekeeper.
Stepping through building it correctly in Xcode, turning it into an Installer package getting it notarized and the ticket stapled to the tool.
How to check whether any Installer package or app has valid certificates, using this new version of Taccy.
Validating signatures isn’t straightforward. GUI apps are limited, and command tools confusing and prone to user error.
Do you use third-party command tools? Are you using or planning to use Catalina? This explains how 10.15 changes first run checks on those tools, and their effect on all users.
Want to check whether an Installer package has been properly notarized? This new version of Taccy will do it for you.