Channels
android_tests
apple-silicon
arm-architecture
auditing-warroom
aws
carving
code-review
community-feeds
core
darkbytes
doorman
ebpf
eclecticiq-polylogyx-extension
extensions
file-carving
fim
fleet
fleet-dev
fleetosquery
foundation
fuzzing
general
golang
goquery
infrastructure
jobs
kolide
linen-dev
linux
macos
officehours
osctrl
plugins
process-auditing
querycon
queryhub
random
selfgroup
sql
tls
uptycs
vendor-feeds
website
windows
zeek
zentral
zercurity
Title
g
groob
06/21/2019, 3:18 PMIf you push your packages with MDM, you don’t need to notarize
g
Guillaume
06/21/2019, 3:20 PMGood point, but for people with customers who aren't gonna be on MDM 100% of the time, we need to have a good workflow to get that done too. For internal needs with MDM there's probably no need for EV certs etc either 🙂
g
groob
06/21/2019, 3:20 PMsure, but osquery is also largely going to work less and less for customers without mdm
that’s the brave future on macOS
g
Guillaume
06/21/2019, 3:21 PMYep
g
groob
06/21/2019, 3:21 PMkolide builds unique packages for each customer because it includes enrollment secrets /config specific for that customer
but they could also build + notarize a single package with no configuration for everyone
g
Guillaume
06/21/2019, 3:22 PMWe do that too at Uptycs
g
groob
06/21/2019, 3:22 PMand use a different method for configuration
yeah, it’s a convenience thing which is probably not a use case apple is thinking about
but it’s a good question to bring up
g
Guillaume
06/21/2019, 3:23 PMI think I would rather have a immutable package, and have a way to specify config with arguments than hope notarization will always happen at the speed I would want it to, but who knows maybe it'll scale too!
g
groob
06/21/2019, 3:23 PMthere’s other tools that ship config (cisco comes to mind)
g
Guillaume
06/21/2019, 3:26 PMyeah definitely not a unique use case