Investigate notarized macOS release builds #1

Description

@realityforge

Context

Braid currently publishes raw release binaries, including braid-darwin-amd64 and braid-darwin-arm64. We would like to investigate producing notarized macOS release artifacts so users installing Braid outside the Mac App Store get the expected Gatekeeper trust path.

Apple's current docs describe notarization as submitting Developer ID-signed software to Apple. Apple currently lists the Apple Developer Program as USD 99 per membership year, with possible fee waivers for qualifying nonprofit, accredited educational institution, or government entities.

At the moment, I do not have an Apple Developer Program account. Before adding release automation, we need to determine whether there is any legitimate path to notarize the macOS builds without paying Apple Developer Program fees, or whether signing and notarization must wait until we have a paid or waived developer account.

Scope

  • Identify Apple's current requirements for Developer ID signing and notarization of command-line macOS release binaries.
  • Determine whether a free Apple ID, GitHub-hosted macOS runner, third-party CI, open source program, or fee waiver path can support notarization without paying the annual Apple Developer Program fee.
  • If no fee-free path exists, document the minimum account, certificate, secret, and annual cost requirements.
  • Decide how this affects macOS release artifacts and install documentation.

Acceptance Criteria

  • A short decision record documents whether notarized macOS builds are possible without a paid or waived Apple Developer Program account.
  • If notarization is possible, a follow-up implementation issue describes the required release pipeline changes.
  • If notarization is not currently possible, release documentation clearly states the limitation and any user-facing macOS install guidance we want to provide.

References
