“In June, we announced that all Mac software distributed outside the Mac App Store must be notarized by Apple in order to run by default on macOS Catalina”.
What does “run by default” mean? Does this mean that the User can still option-click and Open or that they can use the System Preferences->Security & Privacy to run the app… or will those methods also fail after that date?
If a Catalina User has been running my unNotarized software will it stop running on Feb 3?
Yeah, it’s unclear for sure. But it may imply that you cannot run apps unnotarised even by using option-click.
But I think you can still disable Gatekeeper in the Terminal .
It is possible to disable the security restrictions and run your machine like the old days. This is an active step the user must perform to run the app. By default, the security restrictions prevent non-notarized software from running.
I’m not certain, but I think I heard that the right-click > Open thing must be done twice now to actually work. But what is really meant is what I’m referring to above, with the user’s ability to deactivate the security settings.
The statement is about the change in requirements to notarize. There’s no evidence to suggest apps will be re-quarantined. I wouldn’t think there’s anything to worry about.
I agree that this is a bit confusing…
It seems to me that people are asking again and agin about what’s changing on Feb 3 2020…
That’s why I have tried to explain how I understand that Apple-statement in another Post/Thread.
Notarization has been required for all new applications created since June 1st 2019. How Apple check this is beyond my knowledge.
If you currently get any warnings when Notarizing your application, they will become hard errors on the 3rd of Feb 2020 and cause rejections.
I don’t think that they’ll be re-quarantined; but it’s possible they may be checked again (at some point in the future) and fail to launch. Apple stated last year that they will start re-checking at some point, but to the best of my knowledge, they haven’t provided a time frame for this (although there is some speculation that this may already be happening).
I don’t think it is new applications (ie: when they are built). They appear to be looking at when the Developer ID certificate was generated and when the application was code signed.