Distributing Mac software is increasing my cortisol levels
Gatekeeper UX and User Control
- Many find Gatekeeper’s flow (blocked launch → System Settings → allow) excessive, especially after removal of the old “right‑click → Open” bypass.
- Others argue it’s acceptable friction that forces users to pause before running unknown code and prevents mass “click‑through” behavior.
- Some say “just disable Gatekeeper” via spctl --master-disable, but others counter this is hidden, now requires extra UI steps, and is unrealistic to expect from non‑technical users.
Signing, Notarization, and the $99 Developer Fee
- The signing + notarization + stapling pipeline is widely described as confusing, brittle, poorly documented, and multi‑step.
- The annual $99 fee is seen as a serious barrier for free/open‑source or tiny‑audience apps; regional pricing makes it worse in some countries.
- Several recount ID‑verification nightmares: repeated failures, name mangling, or even being permanently locked out of the program.
Security vs. Lock‑In and Business Incentives
- One side frames Gatekeeper and notarization as necessary defenses against increasingly common malware; barriers and identity checks deter some attackers.
- Critics see a false choice: “trust only Apple” vs “trust everyone.” They want more granular trust (e.g., per‑app overrides, third‑party trust stores) without disabling protections globally.
- Many suspect the real goal is funneling users to the App Store and preserving Apple’s 30% cut and service revenue; others argue $99 itself is not a major profit source.
Comparisons: Windows, Linux, Android, iOS
- Windows: code‑signing certs are even more expensive; SmartScreen still warns until “reputation” builds. Some prefer this to store lock‑in, others call SmartScreen devastating for indie devs.
- Linux: no central gatekeeper, but binary distribution across distros is described as its own packaging nightmare.
- iOS and (increasingly) Android are cited as stricter, with essentially no unsigned app path for normal users.
Impact on Hobbyists and Open Source
- Several devs abandon macOS as a target for hobby tools and small OSS due to friction and recurring fees.
- Some suggest shared or collective signing, or free/cheap dev IDs for free apps, but note this likely conflicts with Apple’s policies.
Workarounds and Alternatives
- Suggested paths: use Homebrew (though its own policies and quarantine behavior are controversial), .pkg installers, curl‑piped install scripts, or simply target other platforms (Linux/Windows) instead of macOS.