Developer ID for digitally signing Apple OSX releases?

["Keith N. McKenna" <ke...@comcast.net>]

With the release of OSX Mountain Lion and its new Gatekeeper feature I 
wanted to ask if any thought had been given by the community of applying 
to Apple for a Developer ID. My limited understanding is that by signing 
the installation files with the Developer ID it automatically unlocks 
the gatekeeper and allows the application to run. Otherwise there is a 
short process that one must go through to change the security settings 
for the application allowing it to open.

Based on a question in the user mailing list I am adding a link to the 
Release Notes in the known problems section on how to make the required 
change.

Regards
Keith

Re: Developer ID for digitally signing Apple OSX releases?

["Keith N. McKenna" <ke...@comcast.net>]

Jürgen Schmidt wrote:
> Am Mittwoch, 1. August 2012 um 02:41 schrieb Rob Weir:
>> On Tue, Jul 31, 2012 at 7:23 PM, Keith N. McKenna
>> <ke...@comcast.net> wrote:
>>> With the release of OSX Mountain Lion and its new Gatekeeper feature I
>>> wanted to ask if any thought had been given by the community of applying to
>>> Apple for a Developer ID. My limited understanding is that by signing the
>>> installation files with the Developer ID it automatically unlocks the
>>> gatekeeper and allows the application to run. Otherwise there is a short
>>> process that one must go through to change the security settings for the
>>> application allowing it to open.
>>>
>>
>>
>> We'd like to do code signing, not only for Mac but for Windows as
>> well. Signed installers are the new normal and are expected by
>> browser, anti-virus scanners and increasingly by operating systems.
>>
>> Although we have volunteers willing to do the build integration work,
>> and funds available for acquiring certificates, we've been told that
>> individual Apache projects may not do their own signing. The Apache
>> Infrastructure team is trying to figure out some way that this can be
>> done centrally. But no estimate for when this will happen.
>>
> exactly and at the moment we can only wait, I have no idea how we can help further at the moment. Any ideas are welcome.
>
> In the meantime we should add a note about the new Gatekeeper of Mountain Lion. It's a one time ctrl-click or opening via the context menu. After that you can run it as normal without any further dialog from the system.
> I tried it out and forget to take screenshot to document it.
>
> Juergen

Juergen;

I added a short writeup to the 3.4.1 release notes and included a link 
to a Mountain Lion support article explaining it and how to make the 
required changes. The link was given by Larry Gusaas in the user mailing 
list in response to a question by a user contemplating updating to 
Mountain Lion.

Regards
Keith

Re: Developer ID for digitally signing Apple OSX releases?

["Rony G. Flatscher (Apache)" <ro...@apache.org>]

On 01.08.2012 06:08, Jürgen Schmidt wrote:
> Am Mittwoch, 1. August 2012 um 02:41 schrieb Rob Weir:
>> On Tue, Jul 31, 2012 at 7:23 PM, Keith N. McKenna
>> <ke...@comcast.net> wrote:
>>> With the release of OSX Mountain Lion and its new Gatekeeper feature I
>>> wanted to ask if any thought had been given by the community of applying to
>>> Apple for a Developer ID. My limited understanding is that by signing the
>>> installation files with the Developer ID it automatically unlocks the
>>> gatekeeper and allows the application to run. Otherwise there is a short
>>> process that one must go through to change the security settings for the
>>> application allowing it to open.
>>>
>>
>> We'd like to do code signing, not only for Mac but for Windows as
>> well. Signed installers are the new normal and are expected by
>> browser, anti-virus scanners and increasingly by operating systems.
>>
>> Although we have volunteers willing to do the build integration work,
>> and funds available for acquiring certificates, we've been told that
>> individual Apache projects may not do their own signing. The Apache
>> Infrastructure team is trying to figure out some way that this can be
>> done centrally. But no estimate for when this will happen.
>>
> exactly and at the moment we can only wait, I have no idea how we can help further at the moment. Any ideas are welcome.
>
> In the meantime we should add a note about the new Gatekeeper of Mountain Lion. It's a one time ctrl-click or opening via the context menu. After that you can run it as normal without any further dialog from the system.
> I tried it out and forget to take screenshot to document it.
>From another opensource project: they are contemplating of using a digital key service which would
enable them to sign their code for Linux, MacOSX and Windows, http://codesigning.ksoftware.net/..
Maybe infra is attempting to do somehting like them, otherwise they could check them out (or other
such services).

---rony

Re: Developer ID for digitally signing Apple OSX releases?

[Rob Weir <ro...@apache.org>]

On Wed, Aug 1, 2012 at 1:05 PM, drew <dr...@baseanswers.com> wrote:
> On Wed, 2012-08-01 at 06:08 +0200, Jürgen Schmidt wrote:
>> Am Mittwoch, 1. August 2012 um 02:41 schrieb Rob Weir:
>> > On Tue, Jul 31, 2012 at 7:23 PM, Keith N. McKenna
>> > <ke...@comcast.net> wrote:
>> > > With the release of OSX Mountain Lion and its new Gatekeeper feature I
>> > > wanted to ask if any thought had been given by the community of applying to
>> > > Apple for a Developer ID. My limited understanding is that by signing the
>> > > installation files with the Developer ID it automatically unlocks the
>> > > gatekeeper and allows the application to run. Otherwise there is a short
>> > > process that one must go through to change the security settings for the
>> > > application allowing it to open.
>> > >
>> >
>> >
>> > We'd like to do code signing, not only for Mac but for Windows as
>> > well. Signed installers are the new normal and are expected by
>> > browser, anti-virus scanners and increasingly by operating systems.
>> >
>> > Although we have volunteers willing to do the build integration work,
>> > and funds available for acquiring certificates, we've been told that
>> > individual Apache projects may not do their own signing. The Apache
>> > Infrastructure team is trying to figure out some way that this can be
>> > done centrally. But no estimate for when this will happen.
>> >
>> exactly and at the moment we can only wait, I have no idea how we can help further at the moment. Any ideas are welcome.
>>
>> In the meantime we should add a note about the new Gatekeeper of Mountain Lion. It's a one time ctrl-click or opening via the context menu. After that you can run it as normal without any further dialog from the system.
>> I tried it out and forget to take screenshot to document it.
>>
>> Juergen
>
> Hi,
>
> Installed the latest 3.4.1 build, as administrator, under Vista
> yesterday and started a few checks.
>
> Ran into this:
> http://lo-portal.us/aoo/temp/send-doc-warning.png
>
> I'm not totally sure on this but I assume that when the install files
> are signed it would take this away also - yes?
>

"Reputation" is based on several factors, generally proprietary to
each AV vendor.  Signing (or lack of it) can be one factor.  Another
one is how new the program is, and how many other users have already
installed it.  We generally get over this issue within a few days of
release, after we get a few 100 thousand users.

-Rob

> Thanks,
>
> //drew
>
>> >
>> > Regards,
>> >
>> > -Rob
>> >
>> > > Based on a question in the user mailing list I am adding a link to the
>> > > Release Notes in the known problems section on how to make the required
>> > > change.
>> > >
>> > > Regards
>> > > Keith
>> > >
>> >
>> >
>> >
>>
>>
>
>

Re: Developer ID for digitally signing Apple OSX releases?

[drew <dr...@baseanswers.com>]

On Wed, 2012-08-01 at 06:08 +0200, Jürgen Schmidt wrote:
> Am Mittwoch, 1. August 2012 um 02:41 schrieb Rob Weir:
> > On Tue, Jul 31, 2012 at 7:23 PM, Keith N. McKenna
> > <ke...@comcast.net> wrote:
> > > With the release of OSX Mountain Lion and its new Gatekeeper feature I
> > > wanted to ask if any thought had been given by the community of applying to
> > > Apple for a Developer ID. My limited understanding is that by signing the
> > > installation files with the Developer ID it automatically unlocks the
> > > gatekeeper and allows the application to run. Otherwise there is a short
> > > process that one must go through to change the security settings for the
> > > application allowing it to open.
> > > 
> > 
> > 
> > We'd like to do code signing, not only for Mac but for Windows as
> > well. Signed installers are the new normal and are expected by
> > browser, anti-virus scanners and increasingly by operating systems.
> > 
> > Although we have volunteers willing to do the build integration work,
> > and funds available for acquiring certificates, we've been told that
> > individual Apache projects may not do their own signing. The Apache
> > Infrastructure team is trying to figure out some way that this can be
> > done centrally. But no estimate for when this will happen.
> > 
> exactly and at the moment we can only wait, I have no idea how we can help further at the moment. Any ideas are welcome.
> 
> In the meantime we should add a note about the new Gatekeeper of Mountain Lion. It's a one time ctrl-click or opening via the context menu. After that you can run it as normal without any further dialog from the system.
> I tried it out and forget to take screenshot to document it.
> 
> Juergen

Hi,

Installed the latest 3.4.1 build, as administrator, under Vista
yesterday and started a few checks.

Ran into this:
http://lo-portal.us/aoo/temp/send-doc-warning.png

I'm not totally sure on this but I assume that when the install files
are signed it would take this away also - yes?

Thanks,

//drew

> > 
> > Regards,
> > 
> > -Rob
> > 
> > > Based on a question in the user mailing list I am adding a link to the
> > > Release Notes in the known problems section on how to make the required
> > > change.
> > > 
> > > Regards
> > > Keith
> > > 
> > 
> > 
> > 
> 
> 

Re: Developer ID for digitally signing Apple OSX releases?

[Jürgen Schmidt <jo...@googlemail.com>]

Am Mittwoch, 1. August 2012 um 02:41 schrieb Rob Weir:
> On Tue, Jul 31, 2012 at 7:23 PM, Keith N. McKenna
> <ke...@comcast.net> wrote:
> > With the release of OSX Mountain Lion and its new Gatekeeper feature I
> > wanted to ask if any thought had been given by the community of applying to
> > Apple for a Developer ID. My limited understanding is that by signing the
> > installation files with the Developer ID it automatically unlocks the
> > gatekeeper and allows the application to run. Otherwise there is a short
> > process that one must go through to change the security settings for the
> > application allowing it to open.
> > 
> 
> 
> We'd like to do code signing, not only for Mac but for Windows as
> well. Signed installers are the new normal and are expected by
> browser, anti-virus scanners and increasingly by operating systems.
> 
> Although we have volunteers willing to do the build integration work,
> and funds available for acquiring certificates, we've been told that
> individual Apache projects may not do their own signing. The Apache
> Infrastructure team is trying to figure out some way that this can be
> done centrally. But no estimate for when this will happen.
> 
exactly and at the moment we can only wait, I have no idea how we can help further at the moment. Any ideas are welcome.

In the meantime we should add a note about the new Gatekeeper of Mountain Lion. It's a one time ctrl-click or opening via the context menu. After that you can run it as normal without any further dialog from the system.
I tried it out and forget to take screenshot to document it.

Juergen
> 
> Regards,
> 
> -Rob
> 
> > Based on a question in the user mailing list I am adding a link to the
> > Release Notes in the known problems section on how to make the required
> > change.
> > 
> > Regards
> > Keith
> > 
> 
> 
> 

Re: Developer ID for digitally signing Apple OSX releases?

[Rob Weir <ro...@apache.org>]

On Tue, Jul 31, 2012 at 7:23 PM, Keith N. McKenna
<ke...@comcast.net> wrote:
> With the release of OSX Mountain Lion and its new Gatekeeper feature I
> wanted to ask if any thought had been given by the community of applying to
> Apple for a Developer ID. My limited understanding is that by signing the
> installation files with the Developer ID it automatically unlocks the
> gatekeeper and allows the application to run. Otherwise there is a short
> process that one must go through to change the security settings for the
> application allowing it to open.
>

We'd like to do code signing, not only for Mac but for Windows as
well.   Signed installers are the new normal and are expected by
browser, anti-virus scanners and increasingly by operating systems.

Although we have volunteers willing to do the build integration work,
and funds available for acquiring certificates, we've been told that
individual Apache projects may not do their own signing. The Apache
Infrastructure team is trying to figure out some way that this can be
done centrally.  But no estimate for when this will happen.

Regards,

-Rob

> Based on a question in the user mailing list I am adding a link to the
> Release Notes in the known problems section on how to make the required
> change.
>
> Regards
> Keith
>