[Openmcl-devel] Apple To Require Sandboxing For Mac App Store Apps - Slashdot

Tim Bradshaw tfb at tfeb.org
Mon Nov 7 13:44:40 PST 2011


On 7 Nov 2011, at 20:21, Robert Goldman wrote:

> As a user of an Android phone, I would not endorse this as a panacea.
> It burdens the users with a flood of information, of dubious usefulness
> (even the current set of privilege classes is a lot, and it is quite
> gross compared to a useful ACL scheme), and which most users are
> unprepared to manage.  It seems like a far-from-optimal point in the
> complexity versus information tradeoff.

That doesn't really describe what I'm thinking of.  My idea is that in the app store there would be a class of applications which are "safe" in the "are sandboxed" sense, and that almost everything would be in this class.  These would be like iOS apps or whatever - you should basically be able to assume they won't be able to nuke your machine (or leak your private data, which is worse).  For the small number of things *not* in that class you would need to make a more informed decision: "this is a development environment, it can ...", "this is a new release of the OS, it has unbounded HW access", and so on.

I definitely was not thinking that for every thing you installed you'd have to evaluate whether you were happy with some complicated privilege vector.

