id summary reporter owner description type status priority milestone component version resolution keywords cc port 53411 macports-base codesigning ? juju4 "I'm using macports on Macos 10.11+10.12 and Google Santa (https://github.com/google/santa) which allows to whitelist and blacklist binaries. It can be done both by path+checksum and certificates. It seems with most port selfupgrade/sync of macports, I got a change with /opt/local/libexec/macports/bin/tclsh8.5 and a few others. hopefully it's legit. but as it is not signed, I have to whitelist it again each time. Is there any work to get macports base binaries signed? ideally, base and all binaries distributed by project are codesigned by macports and any locally compiled port is compiled by local user if identity is available. I see that it has evolves positively in recents months for ports * #51504 * https://github.com/macports/macports-ports/commit/92a031da26545716e0de1ffd6db6b33283db49cd * #53168 So why not bring it to base :) That would be a very helpful improvement to security. Thanks" enhancement new Normal base 2.4.0 neverpanic