Gatekeeper's Dialog (dcurt.is)
104 points by Xuzz on Feb 16, 2012 | 88 comments


This dialog makes me very, very glad I have moved the vast majority of my users off of downloadable software. That's going to cause a lot of "Why did your Googles download me a virus?!?" complaints.


What's coming for apps may in turn come for the Web. With the commotions around link sites, piracy, and pedophilia, a similar "must be signed/registered with us"-type restriction for accessing specific Web sites isn't a particularly tin foil hat idea now.


Yes, and that would be as simple as disabling HTTP in the commercial browsers (allowing only HTTPS.) The remaining handful of nerds who compiled their own browsers would require far fewer resources to track.

Note to self: don't buy an SSL certificate from GoDaddy.


Which commercial browsers? You mean the ones that Apple vetted and allowed on the App Store?


It might be aggressive to suggest you put it immediately into the trash, but "... has not been signed by a recognized distributor and may damage your computer" is totally accurate.

The suggested "The app Adium hasn't been checked by Apple. It can't be trusted. Use the App Store to find trusted apps." is less scary, but more inaccurate. Apple doesn't check signed apps - they only issue the certificates. The app store is also not the only place to find trusted apps, which is a major point behind the Gatekeeper system.


It's accurate but overly technical and unnecessarily frightening. You shouldn't be using terms of art anywhere in your copy unless that's the language your audience speaks, too.

The average user will think they're about to get a virus or do irreversible damage to their computer, both of which are very, very far from the truth.

It's as bad as this type of error dialog:

  +---------------------+
  |                     |
  |                     |
  |  An error occurred  |
  |                     | 
  |             [ OK ]  |
  +---------------------+

What am I supposed to do with that? It provides no information and doesn't give me the opportunity to fix the (very mysterious) problem.

In some ways this is worse because while the dialog is technically accurate, the presentation will alarm anyone who doesn't understand exactly what's happening.

tl;dr: Imagine if your grandma saw this error message. How would she react?


> The average user will think they're about to get a virus or do irreversible damage to their computer, both of which are very, very far from the truth.

Very far from the truth, today, when this is a brand new beta that Devs are just getting their hands on.

But 6 months from now? A year? It's not going to be long before an unsigned binary probably is a trojan or similarly untrustworthy. It's not like Adium isn't going to be signed by the time Mountain Lion ships.

> tl;dr: Imagine if your grandma saw this error message. How would she react?

She'd freak out and throw it in the trash -- which is exactly what I want her to do with unsigned binaries.

There's really no analogy with the "An error occurred" dialog. We want to scare users away from blindly trusting binaries from the internet. "An error occurred" serves no similar purpose in training the user.


I doubt trojans will bother with unsigned binaries. I suspect they'll just do some sort of "social engineering" to get all the developer certificates they want.


Or maybe we'll see malware distributed in source form. That could be nasty if the development environment gets compromised. Probably more dangerous than a compromised website.


I'm commenting on this dialog, not some future hypothetical dialog that addresses Dustin's concerns.

As it stands it's far too aggressive and unfriendly. Aesthetically, the copy sucks monkey nuts (to put it politely).


I guess I simply disagree. I want the copy to be aggressive and unfriendly, and I'm happy there's no "Continue, and shoot myself in the foot" button for users to fixate on.


"You shouldn't be using terms of art anywhere in your copy unless that's the language your audience speaks, too."

In general, that's good advice. However, when it comes to security, and if you're an OS vendor, you don't really want to enable your users' continued ignorance. The concept of digital signatures needs to be a part of normal computer use.



Sure, but it's like each time you meet a stranger telling your kids the stranger "may hurt you". It's not a path everyone wants to go down (though, sadly, there are parents destroying the fabric of society by fostering their kids' paranoia.)


"May damage your computer" is accurate, but alarmist and misleading. It will dissuade more good software installations than it prevents bad installations, and it will raise distrust of computers and lower computer aptitude and overall understanding.

Personally, I disagree with it because it continues Apple's strategy of intellectually hamstringing its users. This could instead be turned into a powerful educational tool: "We recommend that you find a computer user to explain this error to you" or "Follow this Wikipedia link to the page about gatekeeper to learn more about this and to find links to explanatory material".


I doubt that will work. Even ignoring "a computer user" ("That's me" would be the rightful reaction), the phrase "We recommend that you find a computer user to explain this error to you" more or less is synonymous with "We think you are too dumb to understand what is going on.". Some of them may be, but that is not a way to treat your customers.

Also, let's say they call you. I expect that, most of the time, this will be more or less what the call will look like:

  You: "Hi."

  User: "There was some window on my screen."

  You: "What did it say?"

  User: "I don't know. I clicked it away."

  You: "What were you doing?"

  User: "Nothing."

Also, that Wikipedia page is a bad idea. It should be a page that Apple controls.


> "May damage your computer" is accurate, but alarmist and misleading.

I disagree, it causes users to do exactly what they should be doing, being wary of installing a random App package. On top of that, it's very similar to the warnings most major browsers throw when they encounter a file they don't recognize.

It's no more alarmist than IE telling you it doesn't recognize the file you just downloaded, so be careful.

> Personally, I disagree with it because it continues Apple's strategy of intellectually hamstringing its users.

That's one way to look at it. A significantly more accurate way to look at it would be to take any average user, sit them down at an XP desktop and get them to rattle off things they see as unnecessary or overly complicated.

Call it whatever you want, in reality it's taking real user interaction to heart instead of assuming we can somehow educate our way out of problems that we have been struggling with since the dawn of computing.

For example, I can't believe how many people seethed hatred over Versions in Mac OS X Lion. Months before that they were most likely cursing the document model and all the headaches it caused them.

I love this assumption that one day, it will just click in everyone's heads. They will just save reflexively without considering, just like they will all fully understand code signing and will seek out additional information on the subject.

Give me a break. Those models are broken, and we've had years and years to prove it. Re-thinking these basic computing concepts that average users have been screwing up for years isn't intellectually hamstringing anyone, on the contrary it's what will make computing comfortable for the masses instead of just bringing it to them and hoping for the best like we do now.

What actually intellectually hamstrings people? The fear they have of their computer, of doing something wrong, of making an irreversible change they don't understand, or installing malware. Tackling that is extremely ambitious, and kudos to Apple for actually trying instead of making excuses like most others do.

> "We recommend that you find a computer user to explain this error to you"

Really condescending, as well as inaccurate. They're using the computer, correct? Then they are the "computer user", end of story.

> "Follow this Wikipedia link to the page about gatekeeper to learn more about this and to find links to explanatory material"

So now we're adding complexity by requesting that they learn about the concept of signed and unsigned code, instead of simply being wary of unsigned apps?

Everyone is quick to criticize the dialog, but their suggestions are more convoluted and inaccurate than the actual message.


> What actually intellectually hamstrings people? The fear they have of their computer, of doing something wrong, of making an irreversible change they don't understand, or installing malware. Tackling that is extremely ambitious, and kudos to Apple for actually trying instead of making excuses like most others do.

You... really believe that adding a wordy "this guy didn't ask for our approval, delete program now" dialog box is "extremely ambitious"? In the only direction in which this is ambitious, is in handing over even more control to Apple, something which iOS showed us that developers for the Apple ecosystems are more than willing to do, no matter how draconian the terms. Other than that, it's just a harsher version of what every OS does already.

On Linux, the custom is to write downloaded files without the executable bit... if you decide to veer from trustworthy or at least publicly-signed channels of distribution; on Windows, you get a similar dialog, but not with an imperative to erase any application which lacks a certificate by Microsoft.

I don't see much of re-thinking of anything here, nor a liberating whatever for the masses.


> You... really believe that adding a wordy "this guy didn't ask for our approval, delete program now" dialog box is "extremely ambitious"?

Is that what I said? Because I think I said that attempting to tackle the fear people have with their computers is extremely ambitious. This dialogue box is one part of a clear effort on Apple's part to do that, so I applaud it.

> In the only direction in which this is ambitious, is in handing over even more control to Apple, something which iOS showed us that developers for the Apple ecosystems are more than willing to do, no matter how draconian the terms.

Or that not all developers are as overly dramatic and full of shit as you are, but whatever.

> Other than that, it's just a harsher version of what every OS does already.

You mean those "other OSes" that are constantly under threat of malware? Yeah, I wonder where the idea came from that a harsher strategy would be better?

> On Linux, the custom is to write downloaded files without the executable bit... if you decide to veer from trustworthy or at least publicly-signed channels of distribution

Right. So in other words, on the default setting a user can easily install compromised software via a social engineering attack, or with a compromised USB key or other removable media? Great job, you've improved nothing and solved nothing.

> I don't see much of re-thinking of anything here, nor a liberating whatever for the masses.

Go figure. I doubt the Hacker News community could identify improved user interaction/reduced user anxiety if it bit them in the ass.

We'll make a deal then. Apple will do this, and sell more Macs than ever before. You'll insist they should do otherwise, throw a fit when they don't, insist users are idiots when it works perfectly and sells like gangbusters, and then act like it didn't change anything and was no big deal when eventually this is how all desktop operating systems work.

Sounds good? Ok, break!


> Or that not all developers are as overly dramatic and full of shit as you are, but whatever.

I'm redeemed in that I don't hoard all of the shit, it seems.

> Right. So in other words, on the default setting a user can easily install compromised software via a social engineering attack, or with a compromised USB key or other removable media? Great job, you've improved nothing and solved nothing.

I disagree. Signed repositories, warnings and disabling downloaded binaries are good measures for protecting against trojans and worms, while not scaremongering your users or sullying the image of the developers. I'm not sure about the removable media, but you may have a point there. Yet you speak as if this system were immune against social engineering. It will only be if and when Apple decides to remove the option to run any foreign unsigned programs.

> Go figure. I doubt the Hacker News community could identify improved user interaction/reduced user anxiety if it bit them in the ass.

You call a "Your computer is under siege!" message an 'improved user interaction' that will 'reduce user anxiety'?

> We'll make a deal then. Apple will do this, and sell more Macs than ever before. You'll insist they should do otherwise, throw a fit when they don't, insist users are idiots when it works perfectly and sells like gangbusters, and then act like it didn't change anything and was no big deal when eventually this is how all desktop operating systems work.

Have you considered a position in Smashing Magazine?


> while not scaremongering your users or sullying the image of the developers.

Warning against unsigned apps being potentially harmful is not scaremongering, it's the entire purpose behind code signing. I couldn't care less about "sullying the image of developers" and I bet Apple agrees.

> Yet you speak as if this system were immune against social engineering.

No, I speak as if this system were MORE resistant to social engineering than all other desktop operating systems, which it is. It's also a step in the right direction, towards a system that is immune.

> It will only be if and when Apple decides to remove the option to run any foreign unsigned programs.

I imagine this is how it will end up in the future, the 3rd option will be removed from Gatekeeper. Frankly that doesn't bother me. As long as Gatekeeper retains the "signed, but independently distributed and not reviewed" option and Apple doesn't abuse it, I'll continue using OS X.

> You call a "Your computer is under siege!" message an 'improved user interaction' that will 'reduce user anxiety'?

Right, because all benefits and downsides of code signing are fully represented in this one dialogue box. Give me a break. I'm not even going to bother to rebut this, I just hope you'll think it through for two seconds before responding again.

> Have you considered a position in Smashing Magazine?

Not familiar with the publication. I just call them like I see them. Every effort Apple has made towards simplifying user interaction has met with that response, and every time Apple has been proven right and played out exactly like that. I don't know why people can't just give them the benefit of the doubt at this point.


  It's no more alarmist than IE telling you it doesn't
  recognize the file you just downloaded, so be careful.

Except that IE still presents you with a "Run" button. This just... stops you.

  Condescending

Sure. Poorly worded on my part. However, I have little sympathy for people that get offended when they're told that they're out of their depth. If someone tells you that you don't know what you're doing, you either have a refutation ready or you actually don't know what you're doing. Getting angry is counterproductive and will only let you wallow in your ignorance. Either acknowledge your ignorance and go on with life or prove them wrong.

  Everyone is quick to criticize the dialog, but their
  suggestions are more convoluted and inaccurate than the
  actual message.

Because I tried to present an alternative other than "just get rid of it", which is really the right thing to do.


> Except that IE still presents you with a "Run" button. This just... stops you.

IE 9 presents you with no such button if the file isn't trusted. You have to go and manually navigate to the Downloads folder to launch it.

> However, I have little sympathy for people that get offended when they're told that they're out of their depth.

So your solution is to change basic human nature and make it so people aren't embarrassed by their ignorance? Good luck with that one.

> Because I tried to present an alternative other than "just get rid of it", which is really the right thing to do.

You say so, but yet you haven't presented a compelling reason why. Getting rid of it is the right thing to do, it's an unsigned program downloaded by a user who hasn't changed the Gatekeeper settings. It looks a little odd now because of how few apps are signed, but it won't in time.

Besides, your alternative suggestions do nothing but demonstrate why it's a bad idea to implement this any other way. They add complexity, insult users flippantly, and are poorly thought through.


Apps that have been signed by a recognized distributor may also damage your computer; the signature isn't proof against errors or intentional maliciousness. So that wording is ridiculous.

And 'It can't be trusted.' Really? That's ridiculous too. It's entirely possible it could be trusted. There's lots of software that Apple hasn't signed which is trusted and has been for decades.

This dialog just confirms suspicions. The intent is clearly and explicitly to throw FUD on, wall off and eliminate non-Apple-approved software.


> apps that have been signed by a recognized distributor may also damage your computer; the signature isn't proof against errors or intentional maliciousness. So that wording is ridiculous.

Right, that's a way better wording. "Oh, and signed apps could harm your computer too and also can't be trusted. Guess you're fucked then!"

I wonder why I leave with the impression that you are just looking for things to nitpick because you don't like Apple as opposed to offering a genuinely helpful suggestion?

> This dialog just confirms suspicions. The intent is clearly and explicitly to throw FUD on, wall off and eliminate non-Apple-approved software.

...Well, duh. Did you encounter anyone with a different impression? Also, what suspicions? Is it surprising to you that Apple is on a path to disallow unsigned code?

This is the way forward people. Assuming malware will stop being a problem or users will suddenly stop screwing things up are the complete pipe dreams here. With the addition of the signed but not reviewed category in Mountain Lion, I'm happy. It's the best of both worlds, and a much better solution than no centralized distribution at all like Windows, or a Wild West style distribution platform like the Android Market.


The best of both worlds is having a centralized distribution of verified software but still be able to install unverified software, in my opinion.

Which happens to be the GNU/Linux model for around two decades now.


> The best of both worlds is having a centralized distribution of verified software but still be able to install unverified software, in my opinion.

Can an average user download a random app and be hit with malware on default settings with that model? Then it isn't the best of both worlds at all, it's the same old "blame the stupid user" broken strategy we've been using forever.


At least on my system, installing an external package does present a warning (not as alarmist as Apple's, of course) that installing from repositories doesn't.

So yes, Linux really does have the best approach here.


> that installing from repositories doesn't.

You can add a repo though. You add a repo you thought was trustworthy or a repo becomes compromised, the end.

> So yes, Linux really does have the best approach here.

Nope, just another "blame the idiot user" excuse. Feel free to try again though.

Get over it. You're not going to alter computing with your Hacker News comment. The only real way to stop malware is through code signing. This isn't a new concept or something that Apple came up with, it has always been the case and it's about time we stopped pussyfooting around it.


And what happens when Apple starts revoking the code signatures of grey-market apps like emulators, BitTorrent clients, and so on?


You stop supporting them. They haven't shown any indication of doing that and I'm not a paranoid conspiracy theorist like much of the HN community.

Rules like that are for the App Store to enforce, hence why they are part of the "App Store Submission Guidelines", it's not the job of code signing. They have specifically cited "malware developers" and only them when giving examples of devs that could have their certs revoked. If they stick by that, I'm happy.


I'm sorry, did you really criticize my logic on the grounds that it would not fit into a dialog box? The fact is, the dialog box is intentionally deceptive.

"This is the way forward people." Actually, the way forward is the direction we've already been going on; where there are no gatekeepers interrupting their collection of punitive tolls on software only long enough to lie about the software they don't collect their 30% from.


> I'm sorry, did you really criticize my logic on the grounds that it would not fit into a dialog box?

No, I didn't. I don't even know what you are referring to with this. I criticized it because it was a completely unhelpful response that would only serve to confuse users even more.

Are you joking? You're going to sit there with a straight face and argue that Apple should tell users that signed apps are a credible threat? Jesus.

> The fact is, the dialog box is intentionally deceptive.

No, it isn't. The app is untrustworthy because it is unsigned, and they are using a "signed = trustworthy" model. It's as clear as day and completely factual.

> Actually, the way forward is the direction we've already been going on.

No, it isn't. The way forward is simplifying interaction with computers. Arguing otherwise is completely idiotic, take any other example of technology in the world and notice that it advanced faster and more efficiently than ever before when it was simplified to the point of the masses being comfortable with it.

> where there are no gatekeepers interrupting their collection of punitive tolls on software only long enough to lie about the software they don't collect their 30% from.

They aren't lying, and they aren't imposing this on "apps they don't collect their 30% from" that is actually a flat out lie and you know it. Signed apps don't have to be distributed through the MAS. They can be distributed through the web, not result in that dialogue box, and not have to pay 30%.

Try again anti-Apple troll.


Reminds me of the same issue with CA warnings, which used to be very alarmist but often incorrect in terms of the actual danger, so users just got used to pushing "Ok I don't care."

Basically, if you have something alarming show up in front of every install created prior to OS X 10.8, it will be the "boy who cried wolf" scenario.


I wrote an article about Windows' take on this, some time back: http://usersinhell.com/unhappy-security-dialogs/

There, they have a different set of problems. In both cases (signed and unsigned), you can proceed...but Microsoft doesn't really distinguish between the two types of warnings well, turning the whole thing into noise. I'm convinced nobody pays attention to it.


Also, check out the available buttons on the dialog---"Cancel" and "Eject disk image". I'm guessing that "Cancel" is the one you need to click to say "Cancel the warning and mount it anyway", which in other contexts is known as "OK". Argh.


[deleted]


But neither button says "trash it", and "eject" in the context of disk images just means "unmount". So now I'm even less clear about what those buttons do.


From Apple's page on Gatekeeper (http://www.apple.com/macosx/mountain-lion/security.html):

"You can even temporarily override your setting by Control-clicking, and install any app at any time."


And since ordinary users will never figure that out, Apple needs to change the dialog or accept that they have now, officially become the big brother they fought against.


Come on. Big Brother? Really?

And do you honestly believe that it is a bad thing that ordinary, unsavvy with computers users will not immediately be able to install applications from unverified sources?


Yes I do. At least as long as it is required for them to be signed by Apple issued certificates.

As for the Big Brother reference, it was not name-calling. Apple specifically said we are not like the faceless, nameless corporate nightmare (then IBM, later Microsoft). Apple was different.

And now they have locked their customers' computers down harder than Microsoft ever did and have taken from their users the freedom to choose. They have become what they fought against.


And the big brother reference was Apple's own: http://www.youtube.com/watch?v=HhsWzJo2sN4


I think "Cancel" means close the dialog and not run the program.


Mounting a disk image is a step before trying to run the program. The dialog shown is what you would see when you first download the app in a .dmg file. Then you mount the disk image, and either run the app from the disk image by double-clicking on it, or copy the application to your computer.


I think that as long as Apple stays impartial, verifies the identities of developers, and fights attempts by governments to abuse revocation, this is actually a development we should welcome and encourage.

Imagine if by default, all software most users install on their Macs will be traceable to a real entity - be it a person or company. This entity can be held responsible for the behavior of the software it distributes. If the distributed software is malicious, it's possible to immediately revoke the entity's certificate, stopping the software from running on future, and possibly even current machines. Legitimate entities that don't distribute malware are only mildly inconvenienced whenever they register or renew their Mac Developer Program membership.

In fact, a system like this only has value if it's difficult to opt-out. For an example of how useless signing is without a mandate, look at Windows: Unsigned apps run just fine, and most malware has no certificate to revoke - it keeps working long after it's discovered.

Even better, if all applications are required to be signed, it's now possible to verify the signature of everything on the system. You can prove that nothing has been tampered with, and in the event tampering has occurred, you potentially know what to replace to return to a known good state. I think this alone is awesome!

Now, could Apple use this to stifle competition? Maybe. Does it raise the bar to distribute an app on the Mac? Sure (but I'm not sure that's a bad thing). As long as disabling the signature mandate is an option, power users are free to do whatever they want, and most other users will be much better off.


The problem is with the hypothesis that Apple would stay impartial and fight attempts by government to abuse revocation. This is highly unrealistic, and we've already seen Apple use the App Store policies to keep competitors' apps out (Google voice for a long time, 3rd party browsers, ...), calling them "redundant functionality".


I think that even if you add up all of Apple's indiscretions so far (and I agree with you they've made mistakes), you'd find the number to be small, and the number still outstanding even smaller. It's not going to be a perfectly smooth ride, but as long as disabling signature verification is an option users will be able to work around Apple's obtuseness in situations like this until they're resolved.


As long as no one comments out that checkbox, we still have a general purpose computer...


> Imagine if by default, all software most users install on their Macs will be traceable to a real entity - be it a person or company.

No, sir, I do not like it.


It looks about right to me. It's warning the user of untrusted software from an anonymous source, and its message should be strongly worded.

If you don't want your users to see that message, make sure your stuff is signed.


Thought experiment for you: is the analogous message for untrusted webpages or emails from "anonymous" sources a good idea for usability?

"'Facebook' has not been verified by a certificate authority and may damage your computer. You should close this window."

"'Bob Smith' may not actually be the author of this message and the contents may be lies. You should delete this email."

The happy outcome there is users learn to ignore both of them inside of a week.


The analogous message for untrusted webpages is "Go ahead, browse, because this is in the sandbox of the browser.".

And, when you type stuff into a textbox and POST it over HTTP, a text box often pops up the first time, saying "This is insecure, fyi".

For text-only emails, it's plenty fine. For emails with images, there's some privacy issues, and for emails with attachments, even more issues.

For the average user that won't check MD5s, saying "This can't be trusted, throw it out" is probably the right idea. There's a lot of history of people telling others their password for a candy bar, so anything that users really want they'll get, scarygram or no.


So is Apple's CA the only way to sign these? Or signing the DMG is a well known process using any cert? Just curious... coz if it's Apple only, then this sounds like payola for being able to run on OS X.


It's free to get a cert from Apple to sign your app, but you have to be a registered developer (which is also free).

Essentially, you have to be a real person who can be identified if they produce malware.


I'm curious how real you have to be... since the easy way around this is to get 10s or 100s of accounts and release multiple versions of your malware.


"untrusted software from an anonymous source"

AKA every single piece of Mac Software you can download outside the MAS today.

Do people really think that every package that is out there is going to be updated with a signature? Or will people download something, run into this prompt, and turn off the setting? I think the latter.


This reminds me of when Firefox, Chrome and other browsers decided all self-signed certs are malicious, and forced all https websites (even intranet) to sign up with some CA or get users to install their certs in the browser.

As an enterprise web-app dev for a small company, it was an incredible pain-in-the-ass.

However, now, like then, the issue will dissipate once the developers get their (free) OSX signing key... just another item on the checklist before distributing your code.


Where's the "Proceed Anyway" button? In this context, 'Cancel' is super ambiguous.


Not ambiguous. Cancel means don't mount the DMG, but don't move it to the trash either. There is no 'Proceed Anyway' option, unless you enable it in System Preferences.


Which is a problem. Suppose I want to run an app that I trust, but Apple does not. I'm going to go find the option in System Preferences and turn it off so it stops bugging me, then probably never turn it back on.


It's still months away from release, we might see an option to put trusted certs in the keychain.


There is an option to 'proceed anyway' by right clicking on the app.


Thanks, I didn't see that initially but it's mentioned in the Macworld article.


The suggestion to trash the app is a bit harsh. The rest doesn't seem bad, though. Maybe something like "The identity of this application cannot be verified by Apple. Only install applications from vendors you trust. Installing applications from unknown sources may damage your computer."

Also, that "Cancel" button is pretty ambiguous. I'd think "Eject Disk Image" and "Proceed Anyway" would be better options.


There is no "Proceed Anyway" option. That would make it just another one of the Button-That-I-Have-To-Click-To-Get-What-I-Want dialogs that are so pervasive on Windows. The options are "Don't mount the DMG" and "Don't mount the DMG and throw that mofo straight into the trash".

If Apple is consistent with their past behaviour and their uncanny understanding of user psychology, setting the "Allow all unsigned programs to execute" option in System Preferences won't add a "Proceed Anyway" button - it'll just suppress this dialog altogether.


Ah, I misunderstood the intent. I thought cancel would close the warning and allow the application to be installed anyway.

So there will be no way to bypass this on a per-app basis without changing the system preferences for all applications? You either completely disallow unsigned applications, or you always allow them?

I'm not sure that's the best approach, but I'm not sure it isn't, either. :)


You can right-click it and open it and the system will remember it as a per-app exception, from what I can tell.

That this isn't achievable directly from the standard dialog is probably a good idea to avoid training Joe Average User to become blind to the warnings.


Ah, nice.

> That this isn't achievable directly from the standard dialog is probably a good idea to avoid training Joe Average User to become blind to the warnings.

Yes, this is a very good point.

I feel like there's a (probably smaller, but still not insignificant) middle ground of people who generally know what they're doing, but would still like the extra layer of protection, for whom the per-app exceptions would be handy. Having it not the default, though, is probably a good thing.


> I feel like there's a (probably smaller, but still not insignificant) middle ground of people who generally know what they're doing, but would still like the extra layer of protection, for whom the per-app exceptions would be handy. Having it not the default, though, is probably a good thing.

Well, that's effectively what the default is, where the "middle-ground" people will know to go into the contextual menu (or if you're feeling particularly keen, to disable the quarantine bit on the DMG from the command line, which is what triggers the signing check in the first place).


Does anybody else find it ironic that this complaint comes from the guy who invented "You should follow me on Twitter"?


I've been thinking about it for a minute and a half and I actually have no idea why that's ironic.


Just because he says

> Also, saying "You should move it to the Trash" is weirdly strong wording.

when he published a very influential write-up[1] of how he discovered that "you should follow me on Twitter" was the best text to use to actually get people to click the link and follow him. It's not unlikely that people implementing this UI were actually influenced by Dustin's original findings when choosing this wording.

So he may be calling his own idea "weirdly strong", which is how I always felt about his "you should follow me on Twitter" phrase (and the resulting explosion of it around the web). It's a meme come full-circle, and the father doesn't recognize it!

[1] http://www.dustincurtis.com/you_should_follow_me_on_twitter.... Dustin has clout in the web UI/UX/whatever designer blogo-webo-sphere.


"You should move it to the Trash"? What kind of crap is that? Apple is going down the terrorism route to make sure developers pay them to join the walled garden?

I'm afraid this is a glimpse of the post-Jobs era. Modal dialogs with technical, scary nonsense and money trumping good UX.


Maybe this is so when they water it down they arrive at something strongly worded that we would have originally disliked but can live with it because it is a lot better than the current implementation.


Of all the Mac viruses, worms, malware, etc. that have been distributed, how many of them came in the form of a dmg that the user opened and installed? I would think most of the things that "may damage your computer" would come in the form of vulnerability exploits and other stuff that the user will never see or get a chance to block.


> how many of them came in the form of a dmg that the user opened and installed?

Erm, in recent years, all of them? I can't think of any exploits in the wild that have been anything other than a trojan.


What about adding an option, "proceed anyway, I understand the risks"?

Currently in 10.7 there is something for downloaded apps the first time it pops up and has an option to continue. Why not continue with that? And yes this will just lead to people deactivating the thing completely and it will now offer 0 protection in the future.


Idiots will just click it anyway.

This doesn't appear if you have the preference to run everything turned on.


Idiots will Google for how to work around the warning and run the program anyway.


That takes a lot more effort. Besides, most apps will be signed by the time it's released.


It's good to see that Apple is getting more open about being an enemy of software freedom.


The vast majority of apps people download will not damage their computer. That's irrelevant. Downloading 100 good apps and one malware app still means I have malware. It's reasonable to warn people when they are doing something risky.


It's not a warning, it's a verdict. There's no button to "proceed anyway".


Apple's pieces are in place. This is the personal computing endgame.


'saying "You should move it to the Trash" is weirdly strong wording'

closely followed by:

"You should follow me on Twitter here"


Couldn't the dialog have an option to take you to the app store and show you similar apps?


Seems very Apple-like to me: they provide a more controlled environment for users and developers – providing warm security fuzzies – and want to collect a toll for that service (via 'recognized distributor' registration).

The toll isn't very large, and while imperfect, it does add a level of accountability/reputation that isn't there otherwise.

I wonder, though: is every signature-verification reported back to the Cupertino mothership? That would offer some interesting capabilities: "there's a statistically significant larger number of [crashes|support-requests|upgrades|etc] from users of developer X's software".


Forgive my naivety, but what problem is this solving? Maybe I'm not in the loop, but I'm not aware of a large amount of malware that forcibly downloads itself marked as an Adium.dmg file. It seems like this is a hoop to jump through. Come to Apple or else your users will be scared to install your application.

(also, none of the comments seem to touch on the fact that this is OPTIONAL in Mountain Lion. Of course, I hope it stays that way or it is modified to be... less fear mongering)



