groob

06/21/2019, 3:18 PM
If you push your packages with MDM, you don’t need to notarize

Guillaume

06/21/2019, 3:20 PM
Good point, but for people with customers who aren't gonna be on MDM 100% of the time, we need to have a good workflow to get that done too. For internal needs with MDM there's probably no need for EV certs etc either 🙂

groob

06/21/2019, 3:20 PM
sure, but osquery is also largely going to work less and less for customers without mdm
that’s the brave future on macOS

Guillaume

06/21/2019, 3:21 PM
Yep

groob

06/21/2019, 3:21 PM
kolide builds unique packages for each customer because it includes enrollment secrets/config specific for that customer
but they could also build + notarize a single package with no configuration for everyone

Guillaume

06/21/2019, 3:22 PM
We do that too at Uptycs

groob

06/21/2019, 3:22 PM
and use a different method for configuration
yeah, it’s a convenience thing which is probably not a use case apple is thinking about
but it’s a good question to bring up

Guillaume

06/21/2019, 3:23 PM
I think I would rather have an immutable package, and have a way to specify config with arguments than hope notarization will always happen at the speed I would want it to, but who knows, maybe it'll scale too!

groob

06/21/2019, 3:23 PM
there’s other tools that ship config (cisco comes to mind)

Guillaume

06/21/2019, 3:26 PM
yeah definitely not a unique use case