Breaking Code Signing via SSH
Ok, so the title is a bit misleading. Code signing wasn’t broken by SSH itself, it was the keychain interactions that occur when using SSH, but some context is needed. When you sign into the developer portal in Xcode, Xcode stores two items in the keychain that allows developer tools to access the developer portal on your behalf: Xcode-Token & Xcode-AlternateDSID. Prior to Xcode 9.3, these items were stored in the normal login keychain....