Comment by mike_hearn

2 days ago

Any app can be sandboxed on macOS and by default newly created apps are; that's why I say if you create a new app in Xcode then anything run by that app is sandboxed out of the box. App Store enforces it but beyond that isn't involved.

3 comments

mike_hearn

staticassertion 1 day ago

I feel like we're just talking about different things? I've just said that I'm aware of apps being sandboxed, that does not mean that some random program you run from your terminal is sandboxed.

mike_hearn 1 day ago
Right, I'm skipping a step.
What I'm saying is that it's very easy now to take some arbitrary task - doing a compile/release cycle for example - and quickly knock up a simple signed macOS .app that sandboxes itself and then invokes the release script as a subprocess. Sandboxing is transitive and the .app itself can authenticate to the OS to obtain creds before passing them to the subprocess.
In the past I've thought about making a quick SaaS that does this for people so they don't have to fiddle with it locally and maybe some day I still will. But you can easily do it locally especially with Xcode and AI now. You wouldn't have to know anything about macOS development.
- staticassertion 20 hours ago
  
  Ah, yes. I totally agree with that and wish that's how people built software.