Jekyll & Gatekeeper #573

chrisfinazzo opened this Issue Jun 11, 2012 · 3 comments


None yet
3 participants

chrisfinazzo commented Jun 11, 2012

With the next release of Mac OS X not far off, I'm wondering if anyone's considered how Jekyll will/will not address the addition of a feature like Gatekeeper. Most of you are probably aware of this, but it's been on my mind lately so I thought I'd put it out there.

Currently, 3 modes are supported within Gatekeeper:

  1. Mac App Store only
  2. Mac App Store + "Known developers" (The Developer ID program)
  3. Install from anywhere

Thinking about how Jekyll (and its dependencies) fit in, it seems like only #2 and #3 are an option given the Sandboxing rules which apply to MAS applications. Does Jekyll plan to adopt Dev ID? I'm not aware of anything in the MIT License which would prevent this (as opposed to say, GPL, which might have stricter requirements), but I'm by no means an expert on it either.

From what I know, there is an override where you can right-click an application's icon to bypass the Gatekeeper dialog, but as Jekyll and the dependencies are run from a Terminal, this obviously doesn't work.

As things stand, the default Gatekeeper setting is #2, which seems like a fair compromise, but since Jekyll is open source, the question remains. From a security perspective, it would be reassuring to know that all the software I'm using has either been vetted (through the App Store) or comes from developers in good standing.

I seem to remember that a number of the Jekyll developers are Mac users (TPW, for example), but I'm curious if they've decided how to handle this?


tombell commented Jun 11, 2012

You install Jekyll via rubygems, and Ruby is compiled from source, rvm or rbenv so I think it depends really on how installing ruby, rvm or rbenv goes.


tombell commented Jun 11, 2012

I think Gatekeeper really only refers to actual .app applications. If it extends to command line applications it's going to be a real hinderance to many people who actually like OSX because it's UNIX.


chrisfinazzo commented Jun 11, 2012

Thanks for the reply, I hope you're right.

Seems like they couldn't enforce something like that especially since they've moved to distribute Xcode (and the Command line tools) through the store, but the pessimist in me says it's a toss up. I question it simply because they haven't commented on this particular use case, but given the UNIX core on Macs it would really be a blow to open source development. At this point, I'm cautiously optimistic.

@jekyllbot jekyllbot locked and limited conversation to collaborators Feb 27, 2017

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.