Why should sandboxing on MacOS X even be necessary, seeing as we already have the Unix file permissions (and ACLs) to handle who can/cannot read/write to a file or directory? The only time I can see needing an entitlement is if you write low-level stuff (IOKit, kext's, USB drivers, 'fixit' utility programs, etc…) that could be hijacked by malware (and that normally run as root, or that spawn or talk to low-level services/daemons that do.) User-land programs shouldn't be able to write anywhere but the user's folder and subfolders thereof anyway. I can see the benefit of taking a more security-related stance on a closed platform like iOS so as to make writing malware harder, but for a general-purpose computing platform, this'll just put unnecessary roadblocks in the way of newbies who want to develop for it… Unless Apple's geniuses can figure out a way to simplify the whole shooting match to a one-click solution! :)
i.e. 1) Request a CSR from the Keychain Access.app 2) Upload the certificate to Apple – once you login, anyway – via developer.apple.com/devcenter/ios/index.html or developer.apple.com/devcenter/mac/index.html; whichever. 3) Get back – and download – a simple digital 'token' file you can put on any development machine you own or have (legal) access to (i.e. that's tied to your apple ID) and Xcode will take care of the rest, including separating out the important bits (public/private keys, talking to keychain access to update said keys, code signing, creating entitlements, etc…) 4) Compile your iOS/MacOS X program after setting the entitlements (select the 'project' in the project pane, so you see the info panel in Xcode; a tab panel will then allow you to select the entitlements' – some selections will be pre-set based on static code analysis – checkboxes.) 5) Upload to a device (if iOS), or to the Mac/iOS App Store! Presto! As it is, there's a whole sh*tload of steps between 2 and 4 now (and that replace step 3). Boo! _______________________________________________ Cocoa-dev mailing list (Cocoa-dev@lists.apple.com) Please do not post admin requests or moderator comments to the list. Contact the moderators at cocoa-dev-admins(at)lists.apple.com Help/Unsubscribe/Update your Subscription: https://lists.apple.com/mailman/options/cocoa-dev/archive%40mail-archive.com This email sent to arch...@mail-archive.com
