[Bf-committers] Preparing Blender for GateKeeper

[Mike Erwin]

"Gatekeeper is a major security feature in Mountain Lion that gives
us^H^Hyou control over which apps can be downloaded and installed on
your Mac."

Here's the best explanation and analysis I've found regarding
GateKeeper, from long-time (and well-respected) Mac developers Panic:
http://www.panic.com/blog/2012/02/about-gatekeeper/

In a nutshell: GateKeeper differs from the app store in that Apple
does not review the software, does not control its distribution, and
does not take a 30% cut. They're basically a certificate authority in
this case and nothing else.

On the surface I see no conflicts with the GPL. The artist/developer
community can still use, share and modify blender to the same extent.
If they want to distribute modified binaries (on graphicall for
instance), they can either sign them or leave them unsigned.

Should we comply and sign official blender builds? Yes. There's no
reason to scare our users right out of the box. Learning the hot-keys
is scary enough!

I personally think it's tacky to scare your customers "Windows Vista"
style, especially the way Apple scares them toward the app store (for
their safety, has nothing to do with the 30%, right?), but that's
Apple's call. As a long-time Mac user, I hope GateKeeper is as far as
they go, that it's not just the first step away from freedom.

Mike Erwin
musician, naturalist, pixel pusher, hacker extraordinaire



On Fri, Mar 30, 2012 at 10:57 AM, Kent Mein <mein at cs.umn.edu> wrote:
>
> On Mar 30, 2012, at 9:28 AM, Benjamin Waller wrote:
>
>> Actually the important point here is, that the default setting in OSX
>> 10.8 (Mountain Lion) will be to only allow signed software. (the user
>> can allow to run any software in the system settings, but probably a
>> lot of users would have trouble to start blender.)
>> atm, a developer can only sign an app, if he is member of the mac
>> developer program (99$/year) (at least I didn't find a way to get the
>> necessary developer id without signing up for that program).
>> I believe, Apple stated, the registration to sign an app would be free
>> in the future (probably when 10.8 is released).
>>
>> Anyone who compiles custom builds of blender would have the same problem.
>> I guess, those who use builds from graphicall.org or create their own
>> are the more advanced users and would disable the gatekeeper function.
>> But in my opinion, the official blender release should be signed.
>>
>> Benjamin
>
> Just to clarify, I'm pretty sure signing up for the developer program is free, but
> you can't sign apps for other people unless you shell out the $99.  I don't remember
> the terminology they used when I signed up.
>
> I didn't shell out the $99 and I can download developer tools etc with my account.
> Not sure if I can sign anything though.  I'm guessing our platform maintainers have
> at least the same status as myself.
>
> Kent
>
> _______________________________________________
> Bf-committers mailing list
> Bf-committers at blender.org
> http://lists.blender.org/mailman/listinfo/bf-committers