• Open Menu Close Menu
  • Apple
  • Shopping Bag
  • Apple
  • Mac
  • iPad
  • iPhone
  • Watch
  • TV
  • Music
  • Support
  • Search apple.com
  • Shopping Bag

Lists

Open Menu Close Menu
  • Terms and Conditions
  • Lists hosted on this site
  • Email the Postmaster
  • Tips for posting to public mailing lists
Re: Entitlements Questions
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Entitlements Questions

  • Subject: Re: Entitlements Questions
  • From: Todd Heberlein <email@hidden>
  • Date: Tue, 15 Nov 2011 10:35:45 -0800
On Nov 15, 2011, at 8:20 AM, Laurent Daudelin wrote:

> Thanks Scott and Matt for your opinion. I guess I'll start lobbying Apple so that they might add additional entitlements.

I think this is the right way to go.

But I think there is the bigger issue of splitting monolithic programs into a family of smaller programs that communicate (e.g., by passing file descriptors back and forth). The smaller programs can then have tighter restrictions placed on what they do. This in turn means that a vulnerability is better contained. Great idea in theory, and ultimately we will all be better off the more such an approach is adopted.

I think people are just starting to get their heads around entitlements and their implications, and because of this I think Apple is just now getting serious feedback. This is a *big* *big* step for Apple, the developers, and ultimately the users of those applications. It is *big* like like going from Carbon to Cocoa big for many developers. To make such a big change as just a point release to the current 10.7 seems pretty extreme because users will automatically update to this.


(1) Let one more WWDC come and go where this is a major, major focus. I think developers need more time to wrap their heads around this. There could be major chapters in programming books dedicated to re-architecting programs to support this sandboxing. "Design Patterns for Sandboxing Your App"

(2) Delay enforcement until 10.8. This way users will make a conscious decision that they will upgrade and all the implications that comes with that (i.e., experience has taught them that some programs break at major upgrades and adoption is a little slower than an automatic software update), and it buys developers more time.

(3) Maybe there is some compromise. A System Panel that lets the user exempt some programs. Or the application icon in the Dock has a badge indicating to the user that the program is running with limited sandboxing.


Enough babbling/ranting. Sending feedback to Apple with specific examples of your issues is probably the most effective solution.

Todd

 _______________________________________________
Do not post admin requests to the list. They will be ignored.
Xcode-users mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:

This email sent to email@hidden
  • Follow-Ups:
    • Re: Entitlements Questions
      • From: Todd Heberlein <email@hidden>
References: 
 >Re: Entitlements Questions (From: Matt Neuburg <email@hidden>)
 >Re: Entitlements Questions (From: Scott Ribe <email@hidden>)
 >Re: Entitlements Questions (From: Laurent Daudelin <email@hidden>)

  • Prev by Date: Re: Entitlements Questions
  • Next by Date: Re: Entitlements Questions
  • Previous by thread: Re: Entitlements Questions
  • Next by thread: Re: Entitlements Questions
  • Index(es):
    • Date
    • Thread