Hmm, I am not sure we are using the term the same way. The processes built still run with my user id with full access to everything that entails.
In any case, the App Store sandboxing is pretty useless at enabling end-users to control what the process does. I mean little snitch should be built in to the OS by now and given user experience considerations outside the control or snitch—say, shipping apps with explicit whitelisted routes to the internet you can view before launching one.
/usr/local is a remnant of a time that makes no sense anymore for most developers in a time of dedicated workstations and I can hardly blame homebrew for pushing back against any of the cruft that's built up over the years but is now difficult to justify.
In any case, the App Store sandboxing is pretty useless at enabling end-users to control what the process does. I mean little snitch should be built in to the OS by now and given user experience considerations outside the control or snitch—say, shipping apps with explicit whitelisted routes to the internet you can view before launching one.
/usr/local is a remnant of a time that makes no sense anymore for most developers in a time of dedicated workstations and I can hardly blame homebrew for pushing back against any of the cruft that's built up over the years but is now difficult to justify.