https://www.lexaloffle.com/bbs/?uid=62223 <p>TL;DR are MacOS builds of Picotron (and Pico-8) intentionally distributed without code signing, and if so, would it be possible to inform users about this on the downloads page?</p> <p>I got this alert when attempting to open the Mac build of Picotron (Alpha) v0.2.0h3.<br /> Running codesign confirms (I hope?) that it isn't failing the check, rather it is not signed at all. </p> <div> <div class=scrollable_with_touch style="width:100%; max-width:800px; overflow:auto; margin-bottom:12px"> <table style="width:100%" cellspacing=0 cellpadding=0> <tr><td background=/gfx/code_bg1.png width=16><div style="width:16px;display:block"></div></td> <td background=/gfx/code_bg0.png> <div style="font-family : courier; color: #000000; display:absolute; padding-left:10px; padding-top:4px; padding-bottom:4px; "> <pre>codesign -vvv --deep --strict /Applications/Picotron.app /Applications/Picotron.app: code object is not signed at all</pre></div></td> <td background=/gfx/code_bg1.png width=16><div style="width:16px;display:block"></div></td> </tr></table></div></div> <p>Whether or not proper code signing/notarization is &quot;worth it&quot; is a discussion for a different day, but when not doing it, it is good practice to inform of this at the download stage. This way, users will know to expect this message which would otherwise be a serious sign of tampering, and the download page is also a good place to inform less savvy users of the workarounds required to get an unsigned app running.</p> https://www.lexaloffle.com/bbs/?tid=150635 https://www.lexaloffle.com/bbs/?tid=150635 Wed, 30 Jul 2025 19:44:22 UTC