
> > why is it running any time Chrome isn't?
> It runs updates in the background, so it needs to run when Chrome doesn't.

Gnah

> > why is a browser installing a root service?
> ¯\_(ツ)_/¯

Ok so it needs to replace the bundle - I feel Apple should add support for replacing binary A with binary B if A and B have the same signing key. Although obviously there are a bunch of fun issues involved, I think that case shouldn't necessitate an update service running as root :-/

> > why is a piece of software changing root level symlinks in the first place? Clearly it doesn't need to because SIP prevents that nonsense
> Probably a bug.

Wah wah

> > Finally: is this enough to explain why SIP/rootless is a good feature?
> Well, a number of people decided that SIP was hindering them enough to turn it off, so I'm not sure…

The general problem is that it's still easier for developers to say "disable SIP by doing ..." without saying "we haven't written our [drivers/application/whatever] properly", rather than just writing the software properly. Which you know is possible because even in kernel driver land you hardly ever see drivers claiming that it's necessary.

e.g. it's necessary from an end-user PoV but only because companies don't want to pay devs to put effort into working with SIP enabled when there's a much cheaper "tell the user to disable security" option available.



Actually, the issue is that Apple won’t sign drivers for eGPUs that film professionals use.



