Can Alfred provide instructions in popover on failure to run unsigned binary

[nikivi]

Currently all Alfred users installing workflows that have a binary inside it will be met with an error saying you can't run it but you can move it to the trash. It's not obvious what you have to do to get rid of the error. So workflows are forced to add instructions like this one.

 

https://github.com/deanishe/awgo/wiki/Catalina 

To basically all workflow's readme's.

 

I wonder if it's possible for Alfred to recognize that there was a failure to run a script filter due to permission issue and show some kind of dialogue that says 'In order to run the workflow, please right click on the program name in Finder' and then on OK, open the Alfred folder in Finder for the user. That would be quite a nice UX improvement for all users, technical or not.

 

Of course another, more solid option is to instead make users open Privacy settings and add Alfred to Developer Tools so the error never happens again. That can be achieved in a similar dialogue flow too. 

 

Reason I bring it up is I helped a friend setup her new mac and she was met with this issue on trying to install a workflow and it was confusing what she had to do in order to simply run it.

 

Thank you. 

[vitor]

That’s a potentially dangerous idea.

You’re suggesting that Alfred blindly tells its users “hey, the OS thinks that running this piece of software might not be such a good idea, but go ahead and ignore that”. By that point you might as well just turn off Gatekeeper entirely, negating the need for an Alfred popover. This suggestion is a lot of responsibility that Alfred shouldn’t be taking on; it opens a perfect gap for malicious actors.

The way Apple handled the security dialogs is subpar, but the solution isn’t to ignore them indiscriminately. If a user doesn’t understand the risks and doesn’t know how to tell the software to run anyway then they shouldn’t be turning off security features and definitely should not be encouraged to.

Edited July 16, 2020 by vitor

[nikivi]

Yeah you right. Still though instead of Alfred saying to ignore the warning and give instructions how to do it, perhaps Alfred can link to FAQ such as one found here https://github.com/deanishe/awgo/wiki/Catalina. 

 

Do hope macOS makes this process easier.

[nikivi]

I am also a bit confused, don't scripts written in Python or whatever language have same potential issues that binaries have? Or never mind, there is no issue as you can inspect the script. 😐

Edited July 16, 2020 by nikivi

[deanishe]

12 hours ago, nikivi said:

I am also a bit confused, don't scripts written in Python or whatever language have same potential issues that binaries have?

 

Yes. But you can't sign scripts.

 

12 hours ago, nikivi said:

Or never mind, there is no issue as you can inspect the script.

 

Not necessarily. Python scripts can be distributed as bytecode, and it doesn't much matter that you can read the code if the script has already run because macOS didn't ask you for permission first.