Like how it happened for Bartender, another macOS app which required a lot of permissions. It was sold to a company and they told no one, until a user noticed via the now defunct MacUpdater that the app signature changed.
Ben Surtees (Bartender’s original developer) burned all the good will accumulated over years in one moment. Never again can anyone trust software under that name.
Bartender was not a supply chain attack! The app was sold for monetary reasons to another developer for monetary reasons.
There were no targets involved. There were no nation-states involved. There were no attacks involved. You might not like the new developer, but this whole discussion of a nation-state and 9 figure payoff is totally ridiculous.
> You might not like the new developer
What I didn’t like was the secrecy, that was a breach of user trust. Why wasn’t it announced is the problem.
That's a legitimate criticism. Nonetheless, this subthread started with a comment about supply chain attacks and nation states, which is ridiculous.