Permission issues with observability tools and the official MacOS installer

It depends… There are two parts to signing: For getting a nice user experience with the installers we need to sign them using a Developer Certificate, otherwise users will have to jump through hoops to even start the installation. To sign the installer you also have to sign the binaries installed by the installer, and that requires using the hardened runtime, which makes some runtime introspection (like debugging) harder.

After installation the story gets a bit muddier. For arm64, binaries must be signed, but that can be done using an ad-hoc signature and doesn’t require using the hardened runtime. For x86_64, signing binaries isn’t required at all.

When I want to use Xcode’s lldb debugger with a Python.org installer I generally remove the signatures from {sys.prefix}/bin/python3 and {sys.prefix}/Resources/Python.app/Contents/MacOS/Python and then re-sign these files using codesign -s - ... on my M1 laptop (the latter step isn’t necessary on an x86_64 system).

If stripping signatures fixes the issue for you, the nicest solution for your users would be to look into the entitlements needed in your program to allow inspecting binaries, possibly the debugging tool entitlement. That’s not something I’ve seriously looked into for my own projects.
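
An added example, not part of the original post: before stripping anything, it helps to confirm which signing state a binary is in. The shell functions below classify the text printed by codesign -dv as unsigned, hardened (hardened runtime flag set, the case that hinders introspection), adhoc, or signed. The function names and the sample outputs are constructed for illustration, and the paths in the samples are placeholders.

```shell
#!/bin/sh
# Classify `codesign -dv <file>` output read from stdin.
# Prints one of: unsigned, hardened, adhoc, signed, unknown.
classify_signature() {
    out=$(cat)
    case "$out" in
        *"not signed at all"*) echo unsigned; return ;;
    esac
    # The CodeDirectory line carries the flags, e.g. flags=0x10000(runtime).
    flags=$(printf '%s\n' "$out" |
        sed -n 's/.*flags=0x[0-9a-fA-F]*(\([^)]*\)).*/\1/p' | head -n 1)
    if [ -z "$flags" ]; then
        echo unknown
        return
    fi
    case ",$flags," in
        *,runtime,*) echo hardened ;;  # hardened runtime: debugging is restricted
        *,adhoc,*)   echo adhoc ;;     # ad-hoc signature, as produced by `codesign -s -`
        *)           echo signed ;;
    esac
}

# Report the state of each file given as an argument (needs macOS codesign,
# which writes this information to stderr).
report_signatures() {
    for f in "$@"; do
        printf '%s: %s\n' "$f" "$(codesign -dv "$f" 2>&1 | classify_signature)"
    done
}

# Constructed sample outputs (placeholder paths, not captured from a real install).
SAMPLE_HARDENED='Executable=/example/bin/python3
Format=Mach-O universal (x86_64 arm64)
CodeDirectory v=20500 size=1234 flags=0x10000(runtime) hashes=10+7 location=embedded'
SAMPLE_ADHOC='Executable=/example/bin/python3
CodeDirectory v=20400 size=500 flags=0x2(adhoc) hashes=10+2 location=embedded
Signature=adhoc'
SAMPLE_UNSIGNED='/example/bin/python3: code object is not signed at all'
```

On a Mac, call report_signatures with the two paths named in the post, once before and once after re-signing, to see the state change from hardened to adhoc.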