It’s important, otherwise that means any locally-running binary (maven, npm) can steal all of your passwords, since they are in clear on your computer.
MacOS asks when “Terminal” wants to access the Downloads or Documents or the Contacts, etc.
However it asks once, across all Terminal programs, for the entire lifetime. So if you’ve ever used “find ~/Documents -…”, then Maven can access it too.
My opinion about this is that we’ll progressively go towards a Dockerization of the builds, which is the only one that gives developers confidence about the sandboxing.
It should be required by SOC2/PII certifications, though. As in, I already think I’ve seen an insurance ask something like “Are accounting documents present on a machine where compilation is executed” or maybe it was “Is it possible to install new programs on machines where sensitive documents are managed?”
