How about "Only allowing a process to run as root if installed with specific root permission by the user"? It's not rocket science. Very few apps need this.
Sorry: the first clause isn't a sentence, so I can't understand what you meant. No criticism: typos happen.
That's opinion; your argument is...?
Anyway, my concern isn't a "crazy nut" but a moderately sensible user who isn't a Linux developer, and who wants to install an independent PIM on his Nit.
That's the point. A sandbox lets me run 99% of apps safely. Conveniently, the 1% it can't handle are those that I expect to get from the platform owner - OS updates.
No, as I said users could have the option of non-sandbox apps. But with a decent design they would be rarely needed - certainly not for a PIM, a media player (given a decent api), or the other apps most users care about.
This is doubly wrong.
This is just irrelevant to how a sandbox model works.
The current security model (i.e. none) is a fairly good explanation of why the Nit hasn't been picked up for vertical applications and other corporate development.