So what does the certificate certify? I assume it notarizes the code with a certificate tied to an individual. So if the code turns out to be a virus, they know who to go after?
That the binary is checked by Apple.
If it has a virus, the binary won’t pass the notarization process, so it won’t be notarized.
You cannot notarize a malicious app:
“Notarization is a malware scanning service provided by Apple. Developers who want to distribute apps for macOS outside the App Store submit their apps for scanning as part of the distribution process. Apple scans this software for known malware and, if none is found, issues a Notarization ticket.”
This seems like something we should do for sure. Does anyone disagree?
Challenge accepted. /s
1 and 2
Who will be allowed to notarize copies of Syrius?
I’m having trouble finding fee information for this process. Is it $100/year to notarize and list on the AppStore?
To avoid revocation of our signing accounts, we may want to implement an internal code review process.
These are exceptions.
Yeah, they are exceptions, but I think we shouldn’t rely on the MacOS notary process for malware identification.
What about my other question?
Will you be notarizing your dev builds?
How do you feel about code review?
I’m here not to challenge you. I want to help you, if I can. Create value.
The purpose of notarization is to avoid the nasty popup dialog that prompts you to move Syrius to Trash.
The developer account is $100/year. I don’t know yet if we need a dev account to notarize apps.
We only need to notarize releases. Only stable releases will be opened by regular users that don’t know how to bypass the Move to Trash
dialog (System Preferences -> Security & Privacy -> General -> Open anyway
)
We need a paid developer account as per this blog post:
"You need either the paid membership in the Apple Developer Program or be invited to an Apple Developer Enterprise Program team with access to the proper certificates.
You cannot get the required certificates with a free Apple Developer account, unless you are member of a team that provides access."
We also need to adjust the building process by enabling Hardened Runtime.
Need LLC and website associated w/ that LLC.
it costs $100 for an individual and $300 for an entity. It requires a full doxing with drivers license, operating agreements, D&B registrations, proof of address.
I think for the moment an individual account is enough for the moment.
It’s easy if someone is willing to doxx. If not, different q.
I will consider this but only as an LLC. I’ll investigate further.
I’d be open to forming a joint LLC (or other entity type) for this purpose if that is of interest for the sake of getting this published. Perhaps also leveraging one of the more web3 friendly jurisdictions such as Catawba or Wyoming.
EDIT: Tagging @mehowbrainz here as well who will also likely need an entity of sorts for some of the marketing efforts: https://forum2.zenon.org/t/global-adoption-a-user-experience-and-regulatory-effort/1508?u=angelo_a_jr
CC: @LegalZNN what liability if any would the LLC have for the Syrius mobile wallet as just the publisher for the App Store? Can we absolve liability of the LLC since the underlying infra behind the wallet UI is all open source?
It would benefit for more than just this publishing to have some joint entity (501c3, LLC, DAO LLC, etc.) for Zenon community that can start to act in the “real world” for Zenon community initiatives.
I’m going to spend some time on this topic. I wonder if the Pillars can form a DAO in WY so we can engage with firms like Apple and others. I’m going to add this discussion over here too.
The more advancements we make the more we will need some corporate entity to do “stuff”. In the case of Apple, i needs to be “legit” with a website and org docs, etc…
I won’t be a part of any DAO or legal entity involving U.S.A. If Zenon succeed, they’ll try to grab whatever they can have a hold on. Build in the Seychelles.
There are a dozen of other crypto-friendly jurisdictions around the world.
Can you start another thread on this issue?
Good discussion on this issue here
“Assuming you are in the US, and depending on your state laws, you can go to your County Clerks office and file an Assumed Name for Unincorporated Business (DBA). That is enough to open a business bank account and use that name for the Apple Developer program. It also won’t have all your information plastered all over the place like LLCs/Corps (from personal experience with both)”
Not sure how legitimate that statement is though
I’m wondering if no one’s wants to dox can we just hire a developer for the sole purpose to publish Syrius under their apple developer ID