Distributing Mac software is increasing my cortisol levels
LorenDB
252 points
174 comments
May 09, 2026
Related Discussions
Found 5 related stories in 92.1ms across 8,303 title embeddings via pgvector HNSW
- Make macOS consistently bad unironically speckx · 357 pts · March 27, 2026 · 50% similar
- Apple is enforcing an old App Store rule against a new kind of software iristenteije · 71 pts · May 06, 2026 · 46% similar
- Package Managers Need to Cool Down abdelhousni · 15 pts · March 25, 2026 · 46% similar
- Anthropic Cowork feature creates 10GB VM bundle on macOS without warning mystcb · 357 pts · March 02, 2026 · 46% similar
- Apple: Enough Is Enough speckx · 57 pts · March 05, 2026 · 45% similar
Discussion Highlights (20 comments)
a2tech
Try to open the file, say ok to the ‘can’t check for malware’ prompt, go to settings, security, approve running the software. Annoying, but if you’re delivering your app to semi-technical users, not really a problem.
dcrazy
Notarize the application and staple the receipt to your app bundle. It won’t trigger the Gatekeeper warning.
syassami
Siri has the same effect.
Wowfunhappy
Any user who does not like Gatekeeper can turn it off on their machine in ten seconds by running this in a Terminal: sudo spctl —-master-disable People will say, no, that’s too big a hammer, it’s not safe… but then, like, what do you actually want? Either you keep Gatekeeper because you like the friction it introduces, or you don’t like that friction and you should go turn it off. Pick one, you obviously can’t have both! Of course, you as the developer can’t make this choice for your users… but isn’t that as it should be? The user decides what code is allowed to run on their machines. And the default setting is restrictive because anyone who knows what they’re doing can easily change it. P.S. Meanwhile, on iOS there’s no way to install unsigned software at all, and on Android (starting soon) the process takes 24 hours instead of ten seconds. That is actually ridiculous because it’s taking away user choice. P.P.S. To be clear, modern macOS has plenty of other restrictions which can’t really be turned off and which I find super annoying. Gatekeeper just isn’t one of them. Edit: I’ve just learned that as of Sequoia, you have to also tick a box in Settings after running the Terminal command. So maybe it takes 30 seconds instead of ten seconds. That’s mildly more annoying, but still doesn’t really seem like a big deal to me.
arusahni
My favorite is when someone discovers they haven't yet granted Zoom screensharing permission, and that they need to exit the call to re-launch the application with the permission granted.
avhception
> I'm sure that other countries also have plenty of similar services for ID and age verification laughs in Bundesdruckerei
petra303
> I can use SmartID to verify my ID (and age) in about 20 seconds when buying an energy drink at the local grocery store Where do you have to show ID for that??
bloppe
I don't get the part about Homebrew. If you're using Homebrew, it doesn't make a ton of sense to use Itch.io. Just use Homebrew. Seems like a more appropriate place to distribute a dev tool anyway. You could set up a patreon and print a link to it when appropriate. That's basically what Vim does. I agree that Apple is dumb of course.
stephc_int13
I am not entirely against the whole notarization thing. If it is good for the end-user, it is usually also good for the ecosystem a a whole, trust is valuable. But ffs, they are rich enough to make this a lot less painful and hostile for developers. And this is not a new thing, I used to develop games for iOS, from the very beginning, and while the process somewhat simplified over time, it was a huge cortisol inducing process, not to mention the regular forced OS+SDK updates where the procedures changes almost every time and could fail in not-so-evident ways.
TrajansRow
So, Linux gets a free pass for requiring chmod +x to run his tool, but needing to run xattr on MacOS is somehow worthy of an entire blog post to complain about it? Serious question - Is it really true that Windows 11 will run an untrusted .exe without a warning?
drcongo
I went through this recently. Got as far as verifying my identity, which Apple happily accepted as verified from my UK driving license. Unfortunately, they then automatically set my first and last name from that identity verification step, and some how managed to use a section of my driving license number as my surname - a string of random uppercase letters and numbers - and it's impossible to edit it. So fuck them, that's $99 they've lost.
hmokiguess
Tangential but this made me appreciate how Gatekeeper is perhaps a notorious example of a great naming choice for a piece of software.
LoganDark
Apple's ID verification failed for me and I am now banned for life. There is no opportunity to appeal this or to ever participate in the Developer Program for me. Which sucks because I am now permanently locked out of developing seriously for any of the Apple ecosystem, ever.
erelong
It's a backwards walled garden which I mostly avoid to avoid problems like this
hermitcrab
I have been developing software for Macs and PCs as an Indie for 20 years now. I sympathize with the author of the post. You get the feeling that Apple thinks you should be grateful that they allow you to develop apps for their platform. The author didn't mention Apple's contempt for backward compatibility. Apple like to regularly nuke their entire developer system from orbit. Try running an app developed 10 years ago on the latest version of macOS. It probably won't run. Microsoft are much better at backward compatibility and they don't force you to join a developer program. But you get totally reamed every time you have to update your authenticode digital certificate for Windows. Just the digital certificate will cost you more than $99 per year. It is a total racket.
a_t48
Maybe I'm too dumb, but I haven't figured out a good way to sign just a binary (or a tar/zip containing a few binaries). I zipped up the binaries, sent them off to Apple, Apple comes back and says "yup, notarized!", and they still trigger the popup. I'm probably missing a step. I guess I'm not currently stapling the ticket to the binary, but supposedly you don't have to if you are running with a network connection.
JanisErdmanis
Sometimes I wonder why we don't just treat an installation script like curl https://alx.sh | sh as a universal option for distributing applications. The provenance is there via the HTTPS certificate, and if you're already about to trust an application that can compromise your system, why not trust the installation script as well?
codedokode
It's interesting that sanctioned Russian banks still find the ways to push their apps into Apple repository by disguising them as a different app. They get removed several months later, but I assume it is done only because someone complains.
Rendello
I love when my Mac declares random PDFs malware and deletes them when I try to open them. On two occasions I've been completely dumbstruck when the software I was using was deleted out from under me. I'm not a fan of the overuse of "gaslight", but it sure felt like that when I had to restart Docker and the OS was like "what do you mean, Docker? You've never had Docker installed! What are you talking about? Are you feeling ok?" https://news.ycombinator.com/item?id=42649790
ofek
I shared the author's frustration when figuring out how to ship such binaries to end users so I wrote a guide [0] detailing exactly how to do it. Apple's documentation is surprisingly poor and I couldn't find any blog posts so I ended up reverse engineering what works via trial and error as well as popular OSS projects on GitHub. [0]: https://ofek.dev/words/guides/2025-05-13-distributing-comman...