This stems from issue #3422 on the rustup issues page.
The curl-to-sh method of installing Rust binaries is already disapproved of by many (including me), and this is acknowledged in the Rust documentation here, where alternate methods to install, including the native installer methods, are listed. For macOS, a .pkg installer is available; however, it fails to open due to the Gatekeeper check, making it clear the pkg was not notarized.
I would like to raise the request that Rust-related binaries, such as rustc and cargo, be taken through the notarization process to make them more accessible to macOS users. Workarounds like trusting the package in settings shouldn't be considered a good security practice.
The 3rd party package managers come with their own caveats, which I wouldn't want to discuss here.
Other toolchains have already adopted this model of distribution by providing notarized packages, such as Go, CMake and ARM GNU Toolchain.
Thanks for the report! I believe this is a duplicate of #27694, so closing in favor of that. Unfortunately I think there are some difficult technical issues to resolve to make progress that we don't have capacity for.