Bundle an 'Internet Access Policy' manifest with macOS builds #437
Comments
|
This looks like an interesting thing to have which I've not heard of before (it's understandable though since I'm not a macOS user). By the way, I think it would make sense if the https://github.com/electron-userland/electron-builder project used for assembling the installation packages would enable the IAP support at own side so all the @electron based apps could benefit from it. But I could not locate the IAP/"Little Snitch" to be mentioned there, so apparently, this thing is not in high demand. I've also briefly looked into the https://github.com/electron/electron/issues and IAP is mentioned there only in conjunction with some "in-app purchase" stuff. To move forward with the implementation of such an OS-dependent feature I'd better run macOS at my side to properly build and test things. This is not going to be the case in the near future. Meanwhile, if you like firewall-like stuff, you might want to explore the mail account-specific Block non "API entry point"-based network requests opt-in security-related feature enabled since v4.9.0. This feature was recently tested here by the app user. |
|
I immediately enabled the block-extraneous-network-entry feature, and it works fantastically well with Little Snitch! This is a low-priority issue; it's really only a minor user-experience / user-friendliness thing, and it's only applicable to a subset-of-a-subset of users. |
Just a friendly reminder that it is possible to run Mac OS on other hardware platforms with a few tweaks, and there are many online resources dedicated to this purpose. |
|
Sure, I'm aware of hackintosh thing. I currently own just one laptop, and it's not like I'd like to turn it into a hackintosh-something thing. The preferred option is a separate laptop for macOS stuff or a virtual machine (I've tried one VM approach before and it sort of worked, but was a nightmare experience). So it's more likely that one macOS app-user/developer will make a pull request and close the issue than I jump into this stuff. |
A lot of security-conscious macOS users rely on a program called "Little Snitch", effectively an application firewall / reverse firewall for macOS processes.
The team over there has an excellent and well-supported system for developers to declare the connections their application will be making, and more importantly, provide human-friendly explanations for those network connections (as well as explanations of any consequences involved in blocking those connections — again, something a lot of us do by-default nowadays). They've released this in a standard known as an 'Internet Access Policy', or IAP.
It's good citizenship on the macOS platform to provide such information to users; so hopefully, you'll consider adding IAP to the build-processes for ElectronMail, and starting up a habit of writing human-readable descriptions of connections!
The text was updated successfully, but these errors were encountered: