1. Sandboxing Permute

    So we’ve been forced to sandbox Permute. Sound familiar? Every entitlement that is used needs an explanation of why it is necessary. For Permute, we’re allowing outgoing network connections (Growl support, sending error reports, etc.), read-write user-selected file access, and read-write access to the Movies and Downloads folders.

    Then we need some of those temporary entitlements: Mach lookup global name for older Growl, and AppleEvents for AppleScripts used to communicate with iTunes and Finder.

    And the biggest entitlement of all: we need read-write access to the whole filesystem, i.e.

    com.apple.security.temporary-exception.files.absolute-path.read-write = ( "/" )

    Oh boy, Apple does not like this. Why do we really need it? Aren’t security-scoped bookmarks enough? Not really - we allow the converted file to be saved in the same folder as the original file, which is probably the option most of our users use. It avoids the “where did the converted file go?” confusion for less experienced users, and it lets many power users simply convert the file and trash the original (the way I personally use it).

    What did Apple say? Quoting:

    "It would be appropriate to remove the option to save to "the same folder as source" or to ask the user where to save for each conversion."

    I mean WTF? Ask the user where to save for each conversion? Eh? Imagine opening 10 files. 50 files. Permute does batch conversions. Removing the option in favor of selecting a single folder where to save all converted files? Isn’t this a little confusing for the user? I mean all these changes are because Apple claims they want to assure the best user experience - this is the user experience you’re talking about? Confusion, annoying dialogs, etc?

    Come on, Apple, where are your balls! Stop crippling our apps and give us the entitlements we need, not the entitlements you think we need!
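The entitlement set described in this post, written out as a plist and run through a small audit of the kind a reviewer might apply. This is an added example, not Permute's actual entitlements file or Apple's review tooling: the sample plist is constructed from the list above, the Growl Mach service name is a placeholder, and the severity labels are assumptions.

```python
import plistlib

# Constructed sample based on the entitlements listed in the post.
# The Mach service name is a placeholder; bundle IDs are illustrative.
SAMPLE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>com.apple.security.app-sandbox</key><true/>
  <key>com.apple.security.network.client</key><true/>
  <key>com.apple.security.files.user-selected.read-write</key><true/>
  <key>com.apple.security.assets.movies.read-write</key><true/>
  <key>com.apple.security.files.downloads.read-write</key><true/>
  <key>com.apple.security.temporary-exception.mach-lookup.global-name</key>
  <array><string>EXAMPLE.growl.mach.service</string></array>
  <key>com.apple.security.temporary-exception.apple-events</key>
  <array><string>com.apple.iTunes</string><string>com.apple.finder</string></array>
  <key>com.apple.security.temporary-exception.files.absolute-path.read-write</key>
  <array><string>/</string></array>
</dict></plist>"""

SANDBOX = "com.apple.security.app-sandbox"
TEMP = "com.apple.security.temporary-exception."
ROOTS = {"files.absolute-path.": "entire filesystem",
         "files.home-relative-path.": "entire home folder"}

def audit(plist_bytes):
    """Return (severity, key, detail) for each temporary-exception entitlement."""
    ent = plistlib.loads(plist_bytes)
    findings = []
    if ent.get(SANDBOX) is not True:
        findings.append(("high", SANDBOX, "sandbox not enabled"))
    for key, value in sorted(ent.items()):
        if not key.startswith(TEMP):
            continue
        values = value if isinstance(value, list) else [value]
        kind = key[len(TEMP):]
        scope = next((s for p, s in ROOTS.items() if kind.startswith(p)), None)
        if scope is None:
            # Non-path exceptions (Mach lookup, AppleEvents): list the targets.
            findings.append(("medium", key, ", ".join(map(str, values))))
            continue
        for path in values:
            # A path of only slashes covers everything under the base directory.
            if str(path).strip("/") == "":
                findings.append(("high", key, scope))
            else:
                findings.append(("medium", key, f"path {path}"))
    return findings

if __name__ == "__main__":
    for sev, key, detail in audit(SAMPLE):
        print(f"[{sev}] {key}: {detail}")
```

Standard entitlements such as the Movies and Downloads folder access produce no finding; only the temporary exceptions are reported, with the `"/"` path ranked highest.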