| ▲ | probably_wrong 9 hours ago | |
This is my understanding after a moderate dive into the issue. Binaries in macOS have a signature and a set of flags. One of those flags is the "quarantine" flag that, when set, refuses to run your binary until some extra security checks have been performed (checking against a malware database, asking the user for consent, etc). Once this check is done, the flag is unset. Usually this flag has to be set by the app you use to download the binary - in most cases it would be the web browser, but here it would be Homebrew. They used to provide a --no-quarantine flag to prevent this bit from being set, but given some changes both in macOS and in the Homebrew project it's been decided to stop offering that option. You can still unset the flag by hand, no root required, but that's on you as a user. I believe this is a strong nudge in the direction of "for a user-friendly experience you should sign your binaries", but not a full ban. | ||
| ▲ | superkuh 8 hours ago | parent [-] | |
Or more explicitly, "for a user-friendly experience you should pay apple and ask them please to sign your binaries every year" | ||