# querycon
g
If you push your packages with MDM, you don’t need to notarize
g
Good point, but for people with customers who aren't gonna be on MDM 100% of the time, we need to have a good workflow to get that done too. For internal needs with MDM there's probably no need for EV certs etc either 🙂
g
sure, but osquery is also largely going to work less and less for customers without mdm
that’s the brave future on macOS
g
Yep
g
kolide builds unique packages for each customer because it includes enrollment secrets/config specific for that customer
but they could also build + notarize a single package with no configuration for everyone
g
We do that too at Uptycs
g
and use a different method for configuration
yeah, it’s a convenience thing which is probably not a use case apple is thinking about
but it’s a good question to bring up
g
I think I would rather have an immutable package, and have a way to specify config with arguments than hope notarization will always happen at the speed I would want it to, but who knows maybe it'll scale too!
g
there’s other tools that ship config (cisco comes to mind)
g
yeah definitely not a unique use case