Only if one accepts the slippery slope fallacy that they'll eventually remove the "No unsigned code" option. The odds of this happening are, in my estimation, extremely low - it would make Mac software development basically impossible, and the use of Mac in educational establishments (with a lot of custom software) very hard. Heck, Apple are still sponsoring the OpenJDK port for OS X, which I doubt they'd be doing if they planned to entirely eliminate unsigned code from the platform.
The "No unsigned code default" has been coming for a while in mainstream computing, thanks to most users ability to blindly click anything attached to a random e-mail or downloaded from their favourite wallpaper site. Out of the options ("App Store Only" or some other signature system), I think they chose the right one. As long as the opt out is there, not only do I not have a problem with this, I'd suggest it's a positive step forward. The only change I'd want is to remove or massively reduce the cost of getting a developer certificate.
> Only if one accepts the slippery slope fallacy that they'll eventually remove the "No unsigned code" option.
Not at all, for several reasons. First, defaults are powerful things. The vast majority of users never change them, or even become aware that they can be changed. This remains true even if you throw an unskippable dialog box right up in their face -- lots of people will just blindly click "OK" to accept whatever the default in the dialog box is, without stopping to consider the alternatives. The result is that default settings tend to become "the new normal," even when they're sub-optimal.
(Example: why did IE6 rule the Web for a decade, despite being demonstrably inferior to the alternatives for most of that time? Because for nearly all users, it was the default.)
This seems especially true in the case of this particular preference, for two reasons. First, it's a technical question ("what's 'unsigned code?'"), which means many users will avoid changing it for fear that they don't fully understand the consequences of doing so. Second, it involves security, and users have been trained that in questions of security departing from "standard operating procedure" puts them at risk, so others will avoid changing it for fear that doing so will expose them to new vulnerabilities.
In other words, it's not unreasonable to expect that offering unsigned code will quickly become an infeasible strategy for OS X developers, even if users still have the option to accept such code. The option may be there, but those developers will find themselves marginalized simply for being something other than the default.
Apple doesn't need to remove the "No unsigned code" option, they just need to scare users into being too afraid to use apps that aren't signed. And then your unsigned app, should you choose to try and distribute it, is in the same category as MacDefender and YourComputerIsInfected.
Apple is probably making the right decision for its users, but I still feel there is something we're losing here.
Removing the "No unsigned code" option is not possible today, I agree. But one day in the future when 99% of apps are signed, because it's free right, so who wouldn't? We find ourselves in a completely different scenario... Is the freedom of that 1% of apps more important than protecting users?
Well, like the article says, signing-only developer certificates are free now. You only need to pay for it if you are planning to distribute through App store.
If Apple did that they'd kill the devotion from the development community. They may end up making App Store only the default option, but I have trouble seeing a day where you can only install Apple certified software on your Mac.
Overnight they'd lose many thousands evangelists and unpaid tech support staff (ever help a family member with their Mac?).
If Apple did that they'd kill the devotion from the development community.
Like with iOS? Hackers will be annoyed, but Apple doesn't care about them when there are more than enough developers who are either in it for the money or who agree with Apple's position.
iOS started off as a closed environment unsuitable for development. As a web developer on the Mac I'm constantly using cross-platform command line programs, system utilities, and other development tools that would never make it through an Apple vetting process. If Apple killed the ability to install those programs in an update, I would absolutely have to abandon the Mac, and I'm sure I wouldn't be alone.
However, from Apple's perspective, if there are "enough" developers who can't or won't leave (because they develop Mac software or iOS software or both), Apple might not care if you do.
They might make it harder to select the third option, but they won't ever remove it -- they're not suicidal.
And it's not like the signing process is particularly onerous -- it won't represent even the slightest barrier or inconvenience to shareware, freeware or open source app distribution.
Yeah, well, until that happens, this is great and I'm all for it. What a simple way to improve dealing with the open attack vector that is "the user being able to install their own software". I wish they had this flexibility on iOS.
