Is there any reason not to sign the current version? This usually only takes a few minutes.
libTurboActivate.dylib is unsignedAnswered
When trying to incorporate libTurboActivate.dylib into a Unity project on macOS, we get the following error:
“libTurboActivate.dylib cannot be opened because the developer cannot be verified."
codesign tells me that the file is not signed at all.
It is critical for dynamic libraries to be signed. If the dylib is unsigned, there is no way for us to know if the library is legitimate or if a hacker has accessed your server and replaced the original dylib with malware.
Answer
It is critical for dynamic libraries to be signed. If the dylib is unsigned, there is no way for us to know if the library is legitimate or if a hacker has accessed your server and replaced the original dylib with malware.
They haven't. Now you know.
The next versions will be signed.
Apple decided to create their own signing mechanism several years back that required using outsourced “legitimacy verification“ services that were poorly run (D&B) … because they are outsourced glorified phone-banks.
So, getting a special macOS-only cert was very low priority.
We recently acquired a cert, and will sign subsequent versions. No hard date. It’ll be out when it’s out.
Yes, multiple. A few are: We have pending changes, deploying updates takes time and resources, and you can code sign it yourself in the meantime.