Apple is responding to what the vast majority of the market wants. Most customers want a computer that "just works" and is secure, and they want Apple to do security for them. Having the OS/machine vendor do security for you is a gigantic value-add for most users. Most people either don't know enough to handle it themselves or don't have time.
There is a minority base of users who explicitly don't want this, and that includes many of the users on HN. Product development tends to be a quasi-democracy in that what most of the market wants, most of the market gets.
That being said the implementation here is badly designed. What Apple should do is have an advanced dialog in the security/privacy preference panel that allows these things to be configured, but with a warning that doing so will disable certain Apple-provided security features. Also: Macs have plenty of space. Why not download the entire f'ing CRL list? It's just a bunch of hashes and timestamps. Download the whole thing and then update it with patches at a configurable rate: every 15 minutes, every hour, every day, or "on request." That would fix many problems.
Apple is responding to what the vast majority of the market wants. Most customers want a computer that "just works" and is secure, and they want Apple to do security for them. Having the OS/machine vendor do security for you is a gigantic value-add for most users. Most people either don't know enough to handle it themselves or don't have time.
There is a minority base of users who explicitly don't want this, and that includes many of the users on HN. Product development tends to be a quasi-democracy in that what most of the market wants, most of the market gets.
That being said the implementation here is badly designed. What Apple should do is have an advanced dialog in the security/privacy preference panel that allows these things to be configured, but with a warning that doing so will disable certain Apple-provided security features. Also: Macs have plenty of space. Why not download the entire f'ing CRL list? It's just a bunch of hashes and timestamps. Download the whole thing and then update it with patches at a configurable rate: every 15 minutes, every hour, every day, or "on request." That would fix many problems.