As a user, I want my system to use containerization so that I don't have to worry about where I get my apps from. You know, like Flatpak does it. This isn't really an argument for modern OSes such as desktop Linux anymore.
Containers are not a magic shield that protects you from all attacks. You should still be wary of what you're running even with the additional protection they offer.
Sure, but I’m not going to let perfect be the enemy of good. Could the review process be improved? Absolutely! But I’ll take some review over no review any day of the week.
They could be (and are on Illumos and FreeBSD) if only they were designed with that from the start. Linux has always made the mistake of not designing things to be safe and secure from the outset (cgroups/namespaces, btrfs, etc.).
BSD is also an application desert compared to GNU/Linux. It's always going to be a scale between user desires and security needs. BSD is rock solid but moves glacially slowly. Most devs need more speed than that. Most users demand it. There's a reason, despite the elitist attitude the Arch Illuminati take, that people want Arch. It's a really stable bleeding-edge release.
I assume you're talking about desktop applications? If so, I don't think the advantages of containerization really apply like they do on the server side.
The apps there can't be vetted by others who want to (like they can for apt etc.). The incentives are totally different: Apple Store is commercial, and Apple takes 30%, hence the part about taking your choices away.
Apple takes 30%, so it’s in their best interest to push as many apps through as possible, yet the process is notoriously difficult. This shows you their motivation is in the right place. A third party can be bought (see Amazon paid reviews) to push something through. We’ve also seen cases in these public, but “vetted”, repos where bad code was pushed without being caught until after the fact (see NPM leftpad).
Not entirely: Flatpak is not intended for the base system, only for applications. Snap is, AFAIK, but probably not because Canonical wants to sandbox the OS from itself.