Solved

Is a signed QuickAdd package a must?

  • August 4, 2014
  • 2 replies
  • 31 views


Please advise if the QuickAdd package must be signed. When we install the package on our clients they turn up as "Verified" under Profiles. Is it necessary to sign the QuickAdd packages?

Best answer by justinrummel


2 replies

  • Contributor
  • Answer
  • August 4, 2014

Required, no. "Best Practice", sure... it just depends on your enrollment workflow.

If you as the admin double click on the PKG to enroll each machine, no big issue. You know that you may have to "Ctrl + Click" the pkg to bypass Gatekeeper security features (vs. lowering the security preference to "Anywhere"... that is not advised).

However, if you ask your end users to enroll themselves into the JSS, each user MUST be an admin of their machine to bypass Gatekeeper in addition to installing the jamf binary. Signing your PKG is doing something for your users so they don't have to worry about knowing how to "Ctrl + Click" to bypass (and doesn't teach them a bad habit).

- Justin


RobertHammen
  • Esteemed Contributor
  • August 4, 2014

Gatekeeper uses Apple's quarantine system. Files downloaded via a web browser (or sent via email) typically are quarantined. Files copied from a server via AFP/SMB are not.

If your workflow includes downloading a QuickAdd package from a web server, or emailing a QuickAdd package, you should sign your package.
If it does not, you probably do not need to, although, as Justin posted above, it's a best practice, just in case your workflow changes.
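
A way to check, before distributing, which of the cases described in this thread a given copy of the package falls into. This is an added example, not part of any post in the thread; the function names and verdict strings are made up here, and it assumes the macOS `xattr` and `spctl` command-line tools:

```shell
#!/bin/bash
# Added example: classify a QuickAdd package copy the way the thread describes.
# Function names and verdict strings are hypothetical, chosen for this example.

# True if the file carries the quarantine attribute that browsers and mail
# clients set on downloads (copies made over AFP/SMB normally lack it).
is_quarantined() {
    xattr -p com.apple.quarantine "$1" >/dev/null 2>&1
}

# True if Gatekeeper's installer-package assessment accepts the file under
# the Mac's current security policy.
gatekeeper_accepts() {
    spctl --assess --type install "$1" >/dev/null 2>&1
}

# Print one verdict word for the package at $1.
quickadd_verdict() {
    if ! is_quarantined "$1"; then
        echo "not-quarantined"   # this copy does not trigger Gatekeeper
    elif gatekeeper_accepts "$1"; then
        echo "signed-ok"         # downloaded copy opens with a double click
    else
        echo "needs-bypass"      # user would have to Ctrl+Click; sign the package
    fi
}

# Run only when package paths are given, so the file can also be sourced.
if [ "$#" -gt 0 ]; then
    for pkg in "$@"; do
        printf '%s: %s\n' "$pkg" "$(quickadd_verdict "$pkg")"
    done
fi
```

Run it against the copy that actually reaches the client (for example the file as downloaded from the web server), since the quarantine attribute belongs to that copy and not to the original on the build machine.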