Installer Package Not Signed or Notarized #419
Description
Hi:
The installer package for Mac installation is not signed or notarized and displays an error message to user. I know that you can workaround this issue, but control clicking the installer package and clicking "Open" with administrative credentials
But, the notary service maintains an audit trail of the software distributed using your signing key. If you discover unauthorized versions of your software, you can work with Apple to revoke the tickets associated with those versions.
These issues will not only caused confusion and security concerns with these installer packages, but will cause issues with automation tools like AutoPKG and Installomator to discover, install new releases.
FYI, you can check installer packages are signed by using pkgutil command:
pkgutil --check-signature /Users/ACCOUNT_NAME/Downloads/Seg3D2-2.5.1-Darwin.pkg
Package "Seg3D2-2.5.1-Darwin.pkg":
Status: no signature
And check for notarization:
spctl -a -vvv -t install /Users/ACCOUNT_NAME/Downloads/Seg3D2-2.5.1-Darwin.pkg
/Users/ACCOUNT_NAME/Downloads/Seg3D2-2.5.1-Darwin.pkg: rejected
source=no usable signature