Hi Michael,

> codesign -s - --deep /Applications/MoI\ v5\ beta\ Apr-27-2026.app

Another confirmation that this solves the problem, thanks as always!

--Larry

It would be great if it was possible to start signing the builds — I have to deal with this on Windows 11 as well, as any moderately hardened install won't allow unsigned binaries to be elevated; each time I install or uninstall, I have to remember what's causing the error and then go flip a switch in Group Policy.

Hi Cuboctahedron, I'm kind of allergic to code signing, I view it as as pretty much a type of protection racket.

- Michael

Right. I don't think I'm going to change your mind, but the value is in the chain of integrity — you build and sign it, I download it over TLS, and I then know that I got a binary that the site intended to serve to me and that you intended to sign. It's not a perfect system by any means, but it is a useful component of an overall security strategy. That said, the issue here is just the practical one, where enough systems are starting to not accept unsigned binaries that it becomes more difficult for users. I do expect that we'll see more an increasing amount of pressure around this, as it has a real impact on security outcomes at population scale. The cheapest option currently is Microsoft's Artifact Signing process, which costs $10/month, plus of course however much of your time it takes to get it working: https://learn.microsoft.com/en-us/azure/artifact-signing/overview. Anyway, thanks much regardless!

"""""I'm kind of allergic to code signing, I view it as as pretty much a type of protection racket""""""""""""""

Use code signing or the rabbit gets dog food! lol