Imagine the following situation:
I build my VST3 plugin today, October 8th 2024, using XCode, and I sign it with my Apple Developer account (99$/year). My license expires on December 31st 2024, and I don’t renew it after that.
My VST3 plugin is available for download in my website. Obviously, anyone who downloads it and runs it for the first time between today and December 31st 2024 doesn’t have any problem.
But what happens after that? I guess those who already downloaded and ran my VST3 before December 31st 2024 can still use it without issues. But what happens for those downloading it from January 2025 and on? The plugin was signed properly on October 7th 2024, with a valid license, but at the moment the user downloads it the license isn’t valid. This is assuming I don’t release any future updates, of course.
If the license expires, the binary remains signed and notarized with a valid certificate, basically forever. You only need to renew the license if you want to sign/notarize new binaries.
I don’t think this is true. I recently tried to install some older plug-ins that were signed and it said their certificate had expired. So there is a time limit even on signed binaries.
Hmm, that’s interesting!
Here’s an official source:
It says signed apps can still be used after certificate expiry, but not if the certificate has been “revoked”. Maybe that was the case?
I’m not sure if these terms apply to notarization in exactly the same way.
Ah, it looks like the installer for this app still runs. It’s just that a tool such as Suspicious Package gives a big EXPIRED warning on the certificate. But yeah, macOS itself doesn’t seem to mind. So you’re right, unless the certificate is revoked, installers will still work even if it has expired (which happens 5 years after it was issued).
