Hi Team,
One of my customers reported that he is getting below warning on his MAC M2 running mac OS 12.6.x and latest version of Compass. Screenshot attached.
"MongoDB Compass.app" can't be opened because Apple cannot check it for malicious software.{}
I have checked and found that the notarisation was done earlier for MacOS 10.x as per this Jira ticket.
I see currently the builds on my M1 does not seem to be notarised as well based on below output.
spctl -a -t open --context context:primary-signature -v Downloads/mongodb-compass-1.36.1-darwin-arm64.dmg
Downloads/mongodb-compass-1.36.1-darwin-arm64.dmg: rejected
source=no usable signature
spctl -a -t exec -vvv Downloads/mongodb-compass-1.36.1-darwin-arm64.dmg
Downloads/mongodb-compass-1.36.1-darwin-arm64.dmg: rejected
It is important for my customer as the compliance requirement in his environment requires to run signed applications. Quoting customer here.
"For MacOS, the Compass installer is unsigned. This is a security concern for us as we require all applications to be signed and do not allow our developers/end-users to bypass this restriction."
and
"this is preventing us from being able to install Compass on new laptops so it's kinda a big deal. Please do escalate and let me know what you hear."
Help required:
- Please confirm if we have plan to notarise the compass package for Mac OS 12.x in the future as we did for MacOS 10.x in Compass version 1.23
Let me know if you have any questions or concerns.
Kind regards,
Ghulam