by ljackman
2710 days ago
Yes, macOS seems to be heading in the right direction (even if it means frustrating legitimate usage patterns at times). In particular, I like that it kept it simple by either an application being sandboxed with explicit user permissions for certain features, or not being sandboxed at all. Contrast with Linux Flatpaks where even "sandboxed" programs can have a wide range of implicit permissions based on the image configuration, which aren't obvious to end users when running `flatpak install` in the same way that macOS's privacy settings are for each sandboxed macOS app. I remember some Flatpak applications defaulting to allowing unsandboxed home directory access without prompting me on installation, which seemed to defeat the purpose somewhat. It does block nefarious control flow attacks against programs that declare a strict sandbox, but that doesn't seem to go far enough in my view.