
Can we stop pissing and moaning about notarization? macOS isn’t Linux and this isn’t 1994. Given the cybersecurity threats of the world today, signing by a central authority makes some amount of sense for apps on consumer OSes.


I agree that signing by a central authority makes sense. As the readme mentions, I don't have anything against notarization as a concept.

I specifically don't like how painfully Apple does it. (Google for "notarization hell macos")

This is my pet project that I do for fun and for free. Bowing my head to Apple every time I want to release a new version is not fun. Waking up in the middle of the night, because Apple revoked the app (https://github.com/nikitabobko/AeroSpace/issues/167) is not fun.

AeroSpace is a tool for developers by developers. Developers can audit the code and install the app from sources.


As long as Apple's glorious code signing scheme can still be easily tricked by a single xattr call [1], I'm fine with it. I've just got a feeling that that won't be forever.

[1] https://github.com/nikitabobko/homebrew-tap/blob/main/Casks/...


Signing by a central authority makes a lot of sense... if only that authority would sign off on the software being secure instead of the software fitting their current mood and business strategy.


Is there any sign whatsoever that notarization is the latter instead of the former?


What do you think signing does to prevent against 'the cybersecurity threats of the world today'?


I'm not going to notarise anything as long as it costs $100 per year.



