On 01/02/2013, at 1:24 AM, Sean McBride <s...@rogue-research.com> wrote:
> You are conflating issues. They are only "useless in practice" if you > distribute with the app store. If you distribute otherwise, they are plenty > useful: you can use the temp entitlements to get other App Sandbox benefits > even if you grant yourself full file system access. At least then if your > app is compromised there is still protection for network, microphone, camera, > etc. It's all about limiting the attack surface after all... I still maintain that sandboxing is a solution in search of a problem. If I'm distributing outside the app store, it's simply much easier not to sandbox. The benefits of the "protection" it offers are entirely theoretical, whereas dealing with the limitations, bugs and performance problems it brings are very real. But we've had this conversation; it's been done to death. I don't think it's worth rehashing. --Graham _______________________________________________ Cocoa-dev mailing list (Cocoa-dev@lists.apple.com) Please do not post admin requests or moderator comments to the list. Contact the moderators at cocoa-dev-admins(at)lists.apple.com Help/Unsubscribe/Update your Subscription: https://lists.apple.com/mailman/options/cocoa-dev/archive%40mail-archive.com This email sent to arch...@mail-archive.com
