App signatures remain valid forever, but Installer packages are different, and their certificates can and do expire. What about notarization though?
Packages
Stepping through building it correctly in Xcode, turning it into an Installer package getting it notarized and the ticket stapled to the tool.
You don’t have to add an Info.plist to a standalone Mach-O tool in order to sign it, or to get it notarized successfully. And more tips.
Preparing software for distribution shouldn’t be harder than writing the code in the first place.
It took 5 apps, 4 command tools in 6 commands, 2 developer certificates and an app-specific password for 260 lines of code.
Another epic journey, this time to make an Installer package for my Blowhole command tool.
Just when most software had settled on using Appleās Installer, along came the App Store to add to complexity. And then there’s Adobe with its own downloaders and installers again. So how should we install and update software?
The Eclectic Light Company 