Is there some reason that Steinberg is not code signing its apps?
Currently, we sign our distribution packages (our .dmg files, etc.) but not the installers or the components inside them. We are aware that as Apple tightens its security model in each successive version of macOS, it will become difficult or impossible to run applications that are not signed. We plan to sign more of our deliverables in future. We do not anticipate issuing signed versions of older versions of our applications, however.
I’m happy to assume that Dorico is a ‘reputable’ app, and wave it through Gatekeeper if needs be.
As an ‘amateur software developer’ and user of a variety of unsigned software, I would find the prospect of unsigned apps being forbidden on MacOS to be somewhat concerning.
Ben, as a developer, I’m sure you are aware that code signing provides more protection than just gatekeeping.
For those who may be interested, here is a benefit list from Apple’s own developer documentation.
The first one listed is, I think, the most important benefit:
“Ensure that a piece of code has not been altered since it was signed. The system can detect even the smallest change, whether it was intentional (by a malicious attacker, for example) or accidental (as when a file gets corrupted). When a code signature is intact, the system can be sure the code is as the signer intended.”