[tlbuild] potential TeX Live issue for Mac OS X 10.8

[Richard Koch]

Nelson,

There are two layers to the signing issue. The first
concerns individual programs, and the second concerns
install packages.

Let's take programs first. If a program is downloaded over
the internet today and then run, the Mac puts up a dialog
saying something like "This program was downloaded over the
internet. Are you sure that you want to run it?" In Mountain Lion
(depending on user Preference settings) the Mac simply refuses to
run unsigned programs downloaded over the internet. 

In both cases, once a program runs, it is marked as OK and
not checked again.

This does not affect programs installed from a CD, or obtained by
transferring from another machine over wireless, or transferred
by a memory stick. And it certainly does not affect programs compiled
from scratch on the machine.

Some of the programs we install are already signed. Others aren't. 
But if the install package is signed, then programs it installs don't need
to be signed.

---------------------

Install packages are treated similarly. An install package obtained over
the internet must be signed on Mountain Lion. Install packages on
a CD, or transferred from another machine need not be signed.

Signing MacTeX install packages turned out to be tricky. The old style
packages we've supplied up to now cannot be signed. But the new style
"flat packages" created by newer versions of Apple's PackageMaker
can be signed, and all the packages constructed this year are already
signed.

Since the new install packages are flat files, they don't have to be zipped
for the internet. That's a major advantage because one of the major problems
we fact currently is that users unzip with a third party program and then cannot
install.

-------------------

Incidentally, Apple is aware of TeX. I was contacted by an Apple engineer
who wanted to make sure that MacTeX would be signed in time for
Snow Leopard.

Dick Koch