10.8.3 Gatekeeper issue for signed applications

Hello

We have an application packaged in mpkg bundled in a tar format. I have signed the application using productsign. We are providing a link for users to download this application.

Unfortunately in 10.8.3, even though we signed the application and the users have set their security preferance as "Allow applications downloaded from App Store & trusted developers", the installer will thrown an error showing that this application is not trusted.

Once the application is downloaded from the web, it sets the following attribute

$ xattr myapp_signed.dmg | more

com.apple.diskimages.fsck

com.apple.diskimages.recentcksum

com.apple.metadata:kMDItemDownloadedDate

com.apple.metadata:kMDItemWhereFroms

com.apple.quarantine

Question:

1. This appears like a new change from apple in 10.8.3. The same works fine earlier.

2. Is there any workaround for this that i can do (not the users). For users i am aware that they can right click and use open with option or chaneg their security pref.

Is this a bug in 10.8.3?

Thank you and i look forward to hearing from you.