From today, 3 February, Catalina 10.15.3 finally reaches what Apple had intended to be its launch point: all newly-built apps and command tools for Catalina are now required to be both hardened and properly notarized. This doesn’t mean that you can’t run apps or tools which aren’t, indeed you can still run completely unsigned apps if you wish. But if an app has been signed from today onwards and you expect it to pass Gatekeeper’s full first run checks, hardening and full notarization are no longer optional.
When Apple first announced this change at WWDC in early June 2018, it was anticipated that there’d be a period of a year or so during which developers ported their apps and workflows to incorporate these two requirements, so that when 10.15 was released in the autumn/fall of 2019, all new apps would comply.
I started setting the hardened option on my apps and submitted them to Apple’s Notary Service for malware checking in the summer of 2018, and by the time that Catalina was released last October they were all fully compliant. I’m fortunate in that most of my apps are, as apps go, relatively simple. They’re all developed in Xcode using Swift. Hardening is just a matter of opting in, and notarization generally takes a few extra minutes at the end of building for release.
Other developers had a much tougher job. Those using other SDKs had to develop their own scripts and tools to handle these requirements. In some cases, where a developer relies on external code such as libraries, there appeared to be insurmountable problems. I have five command tools among my free software, and although getting them notarized isn’t that hard, it took me a good while to work out just how to do it.
Read more at EclecticLight.co