by nathanaldensr 1815 days ago
Ah, the classic tug of war continues between the principle of least privilege and convenience/productivity. It's safe to say people's opinions are all over the spectrum.

Despite favoring "least privilege" myself, I find the new nag screens overbearing. I think some basic UI reworking can help to alleviate that, though. It's a new feature; they'll get it right within a couple of iterations.

1 comments

There is a third approach, which is both safe and convenient, but unfortunately it's not universal and well supported on modern systems - segregation. The vast majority of applications don't actually need access to your operating system. My entire development environment for each project I work on could run in its own container or even VM and I'd simply connect my interface into it.

Builds, tests and the app itself could easily run inside a container - web apps can simply expose a TCP port and GUI apps can use X forwarding or the platform equivalent. Other programs that need external devices (like a serial connection to an MCU) could have those and only those passed in.

And if we're even more paranoid and worried about code exploiting our editor and tools, the editor could also be just a simple thin client with all the linters, language servers and everything else running in the container. For VS Code, this already exists for cloud development services (Che, etc.).

This makes sense. Remote-Containers (without bind-mounted volumes) or Codespaces may help here.
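
The segregation setup described in the thread (a per-project container, the app reachable on one TCP port, only one device passed in, no bind-mounted host directories), sketched as an added example that is not part of any comment above. The image name, the `dev-<project>` naming scheme and the `/work` mount point are assumptions; the `docker run` flags are standard Docker CLI options.

```shell
#!/bin/sh
# Added example: build the `docker run` arguments for a per-project dev container.
# Assumed names (not from the thread): dev-<project> volume/container, /work target.

# devbox_args PROJECT IMAGE [PORT] [DEVICE]
# Prints one argument per line so the result can be reviewed before it is run.
devbox_args() {
    project=$1; image=$2; port=${3:-}; device=${4:-}

    # Validate everything first so a rejected call prints nothing.
    # A project name with '/' would turn the volume spec into a host path.
    case $project in
        ''|*[!A-Za-z0-9_.-]*) echo "invalid project name" >&2; return 1 ;;
    esac
    case $port in
        *[!0-9]*) echo "invalid port" >&2; return 1 ;;
    esac
    case $device in
        '') ;;                       # no device requested
        *..*) echo "device path must not contain '..'" >&2; return 1 ;;
        /dev/*) ;;                   # a single device node is acceptable
        *) echo "device must be under /dev" >&2; return 1 ;;
    esac

    # Named volume instead of a bind mount: the container never sees host files.
    printf '%s\n' run --rm -it \
        --name "dev-$project" \
        --cap-drop ALL \
        --security-opt no-new-privileges \
        --mount "type=volume,source=dev-$project,target=/work" \
        --workdir /work

    # Publish the app port on loopback only, not on every host interface.
    [ -z "$port" ] || printf '%s\n' --publish "127.0.0.1:$port:$port"

    # Pass in exactly one device (for example a serial adapter), nothing else.
    [ -z "$device" ] || printf '%s\n' --device "$device"

    printf '%s\n' "$image"
}

# Constructed usage: show the command line for review.
printf 'docker %s\n' "$(devbox_args myfirmware dev-image:latest 8080 /dev/ttyUSB0 | tr '\n' ' ')"
```

Dropping all capabilities can break steps that need them inside the container, such as package installs that change file ownership; add back individual capabilities with `--cap-add` rather than removing `--cap-drop ALL`.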