> Maybe this is a win for some set of Linux users (maybe even most); it's far from clear that it's appropriate for all.
...and that's okay. What really bothers me about these security conversations is the attitude that hardening has to be enforced on all users. That's ridiculous—everyone has their own threat models.
The problem with the prompts in Catalina isn't that they exist or even that they're the default setting, but that they're mandatory for everyone.
That's the thing, it doesn't. I had both SIP and Gatekeeper turned off.
Presumably, without SIP you could in theory either edit the tcc database directly or patch the checks in memory, but implementing that kind of hack is beyond my skill level. And a hack shouldn't be required—there should be at minimum a command line switch for SIP-disabled machines.
...and that's okay. What really bothers me about these security conversations is the attitude that hardening has to be enforced on all users. That's ridiculous—everyone has their own threat models.
The problem with the prompts in Catalina isn't that they exist or even that they're the default setting, but that they're mandatory for everyone.