Hacker News

Terretta last Tuesday at 6:27 PM

> so much of a complicated nuisance that most people simply give up

Most people should give up.

The number of legitimate unsigned apps for macOS that your grandparents should frictionlessly one-click-to-install is essentially nil.

Meanwhile, they're receiving countless bullying demands a day to install keyloggers and drain their bank accounts.

The threat model tradeoffs are clear.


Replies

bigyabai last Wednesday at 1:50 AM

The threat model doesn't work. It depends on Apple doing their job, and even $99/year doesn't prevent Apple from signing a Trojan horse of your competitor: https://blog.lastpass.com/posts/warning-fraudulent-app-imper...

You want to talk about confusing Grandma? Why isn't LastPass the first entry on the App Store when you search for it verbatim? At the going rate, installing signed software is more deceptive than searching for the official installer online.

fc417fc802 today at 6:39 AM

A single scary warning per source (i.e., per new certificate that you choose to trust) would be fine. If I had to jump through a few hoops to install f-droid on a stock device that would be fine. But once I've authorized f-droid the OS needs to shut up and stay out of the way for good. No "are you sure you want f-droid installing this other thing" nonsense.

Der_Einzige today at 7:05 AM

This is the human death drive externalized into thought. Reject it in all of its instances with extreme prejudice.