Ryan Faas; Apple Doom-Sayer

/

Ryan Faas, in his continued fear-mongering:

Mountain Lion, on the other hand, gives developers a big incentive because not using code signing and not being part of the Developer ID program will likely lower sales for apps not sold through the Mac App Store. That puts Mac developers on a shorter leash and incentives membership in Apple’s Mac Developer Program. It also makes it much easier for consumers to ensure the integrity of apps and security of their Macs.

It increases security, and is free for developers, but it "controls" developers as your title insinuates? What is with your hate-on for Mac security? Any user who would care if their app is signed or not (or even be aware of what that means) will know how to turn off Gatekeeper. Stop with the link-bait headlines. Seriously.

OS X Mountain Lion Limits Apps to Mac App Store, Signed Apps by Default

/

Eric Slicka:

Apple's identified developer program does not involve any sort of vetting on Apple's part, as certificates are automatically issued upon request and can be freely used by the developers. But what the program does do is provide a way for Apple to link specific developers to specific apps and use Gatekeeper to revoke application functionality should a developer be discovered to be distributing malware.

Sounds to me like there are no downsides. Any reputable developer can register with Apple and distribute their apps freely. But… just to be safe… let's term this one:

GATEKEEPER-GATE!

Nailed it.

Another App Store Lock-Down Piece

/

Harrison Weber:

As you’ll see in Apple’s carefully worded explanation of Gatekeeper, each user is given the choice of deciding if they wish to allow non-App Store apps or not. But what’s the default setting going to be? In the screenshot provided by Apple, it looks like “Mac App Store and identified developers” is the default, and will likely go unchanged by the average, non-tinkering user.

The thrust of this piece by Weber is that Apple will eventually iOS-ify the Mac and force users (and developers) into the Mac App Store. This isn't going to happen. That will stop upgrades and it will slow growth. I, for one, welcome the change. I think the default setting is the right one and I can feel even more secure using my Mac than I do now. I use OnyX to scan new downloads from some third party site for potential threats — especially for programs that want my admin password. This will remove that fear. I'm very pleased. I'll be an early adopter for sure. Looks like a really solid release.

Gruber on Gatekeeper

/

John Gruber:

My favorite Mountain Lion feature, though, is one that hardly even has a visible interface. Apple is calling it “Gatekeeper”. It’s a system whereby developers can sign up for free-of-charge Apple developer IDs which they can then use to cryptographically sign their applications. If an app is found to be malware, Apple can revoke that developer’s certificate, rendering the app (along with any others from the same developer) inert on any Mac where it’s been installed. In effect, it offers all the security benefits of the App Store, except for the process of approving apps by Apple. Users have three choices which type of apps can run on Mountain Lion:

  • Only those from the App Store
  • Only those from the App Store or which are signed by a developer ID
  • Any app, whether signed or unsigned

The default for this setting is, I say, exactly right: the one in the middle, disallowing only unsigned apps. This default setting benefits users by increasing practical security, and also benefits developers, preserving the freedom to ship whatever software they want for the Mac, with no approval process.

Call me nuts, but that’s one feature I hope will someday go in the other direction — from OS X to iOS.

This is an amazing idea! I have my fingers crossed for iOS 6 this summer!