Comment: (emphasis: mine) I think that this means that if you don’t use script files and only use regular Mach-O executables, then code-signing doesn’t rely on extended attributes, but if you do, it would. This is relevant as extended attributes require (I think) and HFS+ filesystem, and are not supported by other formats such as TAR and ZIP. I don’t use any script files, so I’m hoping this means that I can use ZIP or another format?
Comment: This is interesting, as it provides a way to put some “out-of-band” data into your app, though it also probably requires HFS+ filesystem.
There was a discussion a while ago where a Xojo engineer explained precisely why Mac bundles generated on Windows where packed into a tar archive to protect the symlinks and other peculiar aspects of the Mac file system. That was in a discussion where a user had unpacked the Tar and was wondering why some things were broken.
Unfortunately, I cannot locate that at this moment. Maybe someone from Xojo can chime in.