When are we going to see the unix filesystem reflect a threat model other than protecting users from each other? The filesystem permissions you're referring to being messed up work off threat model assumptions that pre-date unix.
I mean maybe if Apple provided a decent way to sandbox processes or restrict them outside the traditional unix user-owned-process model, but all their efforts here seem designed to pimp their app store.
/usr/local is just one place where this friction arises. SIP does not point to improvements here in the near future.
Hmm, I am not sure we are using the term the same way. The processes built still run with my user id with full access to everything that entails.
In any case, the App Store sandboxing is pretty useless at enabling end-users to control what the process does. I mean Little Snitch should be built into the OS by now and given user experience considerations outside the control of Little Snitch—say, shipping apps with explicit whitelisted routes to the internet you can view before launching one.
/usr/local is a remnant of a time that makes no sense anymore for most developers in a time of dedicated workstations and I can hardly blame homebrew for pushing back against any of the cruft that's built up over the years but is now difficult to justify.