You're signing it wrong !
A recently discovered security vulnerability in how third party vendors are checking Apple's "code-signing" process potentially made it easier to trick macOS users into running malicious third-party code. Developers have been warned of the risk, but users still need to upgrade their software to guard against attacks exploiting …
Sorry to ruin the joke but this attack doesn't fool any of the built-in OS-level security measures, just a bunch of third-party apps that check the signature on only the first architecture within a fat binary.
So the blame-claim would be: they're validating it wrong.
... though hopefully Apple will do something about whatever the APIs are to encourage correctness by default.
The "is it signed" APIs are so badly documented as to not exist.
So I'm not surprised people aren't using them correctly. Chances are that one person found a way that seemed to "work", and everyone else copy-pasted because they couldn't find anything better.
Chances are that one person found a way that seemed to "work", and everyone else copy-pasted because they couldn't find anything better.
Copied from StackOverflow, perhaps?
Biting the hand that feeds IT © 1998–2018