On Sun, Feb 19, 2012 at 8:19 PM, Tom Murphy
Actually, what I was more concerned about was the ability to distribute a "full" Mac application, with a GUI, made with a method other than calling Haskell from Objective-C. It seems that *none* of these applications will be usable by anyone except users with all security settings turned off (it doesn't sound great in a user manual: "Every time you run this program, be sure to turn the malware-detector all the way off")
The reason I'm concerned is that having a security signature requires a membership to the Apple Developers program, which is exclusively for XCode [0]. Isn't it logical to assume that the signature-"bundling" process [1] occurs within XCode? (I'm assuming the "digital summary of the contents of the application" is a hash, which (I think) would imply that XCode-compilation would have to be the final step in the development chain)
On OS X, you can sign applications or paths using any certificate you like using the 'codesign' utility, including a .app bundle. If you're going to distribute an OS X application to average users, let's face it: you're going to give them an .app bundle. You can do it yourself with a self-trusted code signing certificate already. Building LLDB on OS X for example, requires self signing in this manner, because the debugging engine needs permissions granted by the signature (AFAIK.) Regular LLDB with XCode already comes signed by Apple, obviously.
Which (again, unless I'm reading it wrong) means that most Haskell OS X GUI work (incl. FRP) goes out the window?!
No. Just sign your .app bundle with your Developer ID cert using codesign after the build and bundling process, and it'll work unless they only have Gatekeeper enabled to allow Mac App store apps. There's nothing you can do about this if they have it enabled if you're not willing to put it on the store, other than advise them to disable it. If it's on the store, you've already paid for the developer license and signed it anyway. The only differences mountain lion adds is that now you must at least sign those applications which you intend to distribute to regular users by whatever means, but not put them on the App Store. That's really it at the core. And tech demos and code examples will never be relevant if the target is programmers really, because developers are just going to have it disabled (equivalent to the way OS X is now, in effect.) The only two things not clear at this point, at least to me, are: 1) Will Apple require the paid development program, as opposed to the free one, if you only want to self-sign applications with a cert they trust? 2) What will the default Gatekeeper setting in Mountain Lion be? These 2 factors will control whether or not you'd have to pay and the user impact. In an ideal world, you won't require the paid dev ID (I don't know the expense of giving out certs however,) and the default setting would be App store + Dev signed. Unfortunately we'll just have to wait and see on that note. -- Regards, Austin