Your own links show that likely isn't parent's issue. It only sends a hash on the first run of an executable. I'm not saying the problem you're talking about isn't a problem or concerning, but it's very likely not the problem they're talking about.

I hate when people say "mine works," but here's an `ls` of my homedir showing it's not universally slow. I currently have an absolute garbage network connection.

> ls -G 0.00s user 0.00s system 64% cpu 0.010 total

There are also many, many other reasons it could be; some macOS specific and others that aren't--most importantly what they're seeing isn't universal. macOS often ships with very old GPL2 tools that can cause various problems (many people brew install updated GPL3 versions), people often have configurations that can slow down `ls` by multiple factors (colors, sorting, etc. can each cause multiple queries to disk or require the listing to complete before displaying output), customizations causing a slow prompt, a slow or corrupt disk, listing a slow network drive, etc.

The VPN bypass was very quickly removed from macOS over a year ago [1]. So it would only be relevant if they were using a very old version of Big Sur.

[1] https://www.patreon.com/posts/46179028



I'll jump in here and say that it probably _is_ notarization. The issues arise when OS X thinks it can get a connection to OCSP but, because of real world consequences, it actually can't. This can cause a delay of up to 5 seconds while it times out.

Some specific examples:

No internet connection: instant fail over

Blocked OCSP firewall or whatever: instant fail over

Slow internet but still able to reach: slow start: 1+ seconds

Bad internet, not able to reach: 3-5 second delay waiting

Normal internet, OCSP reachable: <1 second delay

Disabled trustd: Nothing will start, single user mode and trustd restore required

I've experienced all of these, and it is one of the reasons I have a shiny new Framework laptop sitting waiting to be migrated over to. Also, the "only on first run" claim isn't true. It periodically checks for certificate revocation (as it should) and therefore will cause issues at sporadic intervals.

And the kicker of course is that all this is via plain ol' http, so everyone knows which developers' programs you're starting via the hash.
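A small measurement harness, added here as an example and not part of the thread: it times repeated launches of a binary and labels each run against the rough delay bands the comment lists (about 1 s for a slow-but-reachable responder, 3-5 s for an unreachable one), so a sporadic stall can be told apart from a system that is uniformly slow. The thresholds and the `/bin/ls` default are assumptions.

```python
"""Time repeated launches of a binary and flag sporadic stalls (added example)."""
import subprocess
import sys
import time
from typing import List

# Assumed thresholds in seconds, loosely following the delays described above.
SLOW_THRESHOLD = 1.0    # slow responder that still answers
STALL_THRESHOLD = 3.0   # responder unreachable, waiting for the timeout


def measure_launch_latency(cmd: List[str], runs: int = 5) -> List[float]:
    """Run `cmd` `runs` times, returning wall-clock seconds per run.

    Output is discarded so the number reflects process start and exit,
    not terminal rendering, colouring or sorting.
    """
    durations = []
    for _ in range(runs):
        start = time.perf_counter()
        subprocess.run(cmd, stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL, check=False)
        durations.append(time.perf_counter() - start)
    return durations


def classify(durations: List[float]) -> List[str]:
    """Label each run 'ok', 'slow' (>= SLOW_THRESHOLD) or 'stall' (>= STALL_THRESHOLD)."""
    labels = []
    for d in durations:
        if d >= STALL_THRESHOLD:
            labels.append("stall")
        elif d >= SLOW_THRESHOLD:
            labels.append("slow")
        else:
            labels.append("ok")
    return labels


def sporadic_stalls(labels: List[str]) -> bool:
    """True when some, but not all, runs stall: the periodic-check pattern,
    as opposed to a uniformly slow disk, prompt or tool (stalls on every run)."""
    n_stall = labels.count("stall")
    return 0 < n_stall < len(labels)


def python_noop_cmd() -> List[str]:
    """A portable do-nothing command for self-tests: the running interpreter."""
    return [sys.executable, "-c", "pass"]


if __name__ == "__main__":
    target = sys.argv[1:] or ["/bin/ls"]   # assumed default target
    ds = measure_launch_latency(target)
    for d, label in zip(ds, classify(ds)):
        print(f"{d * 1000:8.1f} ms  {label}")
    print("sporadic stalls:", sporadic_stalls(classify(ds)))
```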
