news Atlassian, the Australian developer of the SourceTree app for Mac have decided to stop submitting SourceTree updates to the Mac App Store after March 1st, the deadline for all submitted applications to run inside a ‘sandbox’.
Atlassian stated in a blog post: “Unfortunately, this will disallow important SourceTree functionality that was previously acceptable under store rules.” It added that making the app sandbox-enabled would force changes that would remove features, damage its usability, and overall ruin users’ experience. Instead, the company has decided to make new updates available, free, directly from their website sourcetreeapp.com.
Sandboxing is intended to be an enhanced security feature. A sandboxed application is confined to its own ‘sandbox’ and cannot access other resources or perform any actions that require it to go beyond its walls. This effectively prevents a sandboxed application from negatively affecting another application. In an alert sent to developers in November 2011, featured on theMacObserver, Apple wrote, “Sandboxing your app is a great way to protect systems and users by limiting the resources apps can access and making it more difficult for malicious software to compromise users’ systems.”
According to Ted Landau of theMacObserver: “This all sounds great except that many applications need at least some outside access to carry out their primary functions. A photo editing app, to take one obvious example, would be useless if it were blocked from accessing the photos in your iPhoto Library.” To resolve this issue, the company has allowed ‘entitlements’ that an app can request when it is submitted to the Mac App Store for approval. Extra temporary entitlements would be granted to apps being re-engineered to be sandbox compatible, but these would be phased out over time.
Atlassian feels that the impact that sandboxing would have on SourceTree would be significant. For one, the company anticipates file access issues. SourceTree enables users to type or copy/paste paths directly into text boxes, while sandboxing would keep the functional process self-contained, forcing them to use the File Open panel to give explicit access.
Another problem that the company foresees is that in a sandbox-enabled version the user home directory would be trapped inside the container, making the standard SSH configuration unavailable and forcing another unnecessary step on the user. Other issues that Atlassian visualizes are: sandboxed applications are not permitted to send Apple Events, thereby disallowing important functionality; ‘Open with’ will no longer be allowed, as files can only be opened with their associated editor; and, the transfer of settings and licenses between the App Store and Direct Versions would fail as sandboxing does not allow access to settings outside the container.
Conceding that sandboxing is a good idea because it asks applications to be specific about their actions, Atlassian however is not ready for “a downgrade of the app” to fit in with Apple’s policies. Atlassian says its “sincere hope is that Apple will address the shortcomings of the sandboxing implementation in the future”, for there seems to be no compatibility between the current sandboxing policy and their version of SourceTree.
Image credit: Atlassian