Page 1 of 1

MakeMKV is not signed with Developer ID, but how about GPG?

Posted: Mon May 19, 2014 3:16 pm
by Ravenwood
So MakeMKV is not passing Gatekeeper, because it is not signed with a Developer ID:

https://developer.apple.com/developer-id/

I'm guessing this centralized ID system is avoided because of the legal status of ripping programs in most countries (correct me if I'm wrong).

So, why not use a decentralized signing system like GPG? That is what the Tor Browser is using. Simply provide a signature along with the DMG file. That way I can verify that the software has been signed with the right key. Of course, I still have to trust this key to begin with... but at least I only have to trust this key once, when I download it. As it is now, I have to "renew" my trust every time I download the software.