Comment 58 for bug 1522675

Julian Andres Klode (juliank) wrote :

Steve: Yes, the sandbox user exists to protect people from bugs in our http protocol handler, ssl libraries, compressors, etc.

Now, why do we have to write a line about that (I'd not call that noisy): First of all, we want scripts/programs using apt to also use sandboxed downloading. Without a warning, they would not know about it. Optimally, they'd download files to a temporary name, verify checksums, and only then rename to the final location.

Second: It also protects against permission issues elsewhere.

I hope that we can one day create the files as the normal user, and simply pass an open file descriptor to the workers; that would get rid of permission issues entirely. But that's not very likely to happen in a reasonable future, as sending file descriptors only works via unix sockets and some other fancy stuff we don't use for worker communication.
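The download-to-a-temporary-name, verify-checksum, then-rename pattern recommended in the comment above, written out as an added Python example; it is not apt's code and not part of this comment. The `fetch_to_temp` stand-in for the downloader and the sample payload are constructed here.

```python
import hashlib
import hmac
import os
import tempfile


def verify_and_install(tmp_path: str, expected_sha256: str, final_path: str) -> bool:
    """Verify a downloaded temp file's SHA-256 and atomically move it into place.

    Returns True on success. On mismatch the temp file is deleted and False is
    returned, so a corrupted or tampered download never reaches final_path.
    """
    h = hashlib.sha256()
    with open(tmp_path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    if not hmac.compare_digest(h.hexdigest(), expected_sha256.lower()):
        os.unlink(tmp_path)
        return False
    # os.replace is atomic when source and destination are on the same
    # filesystem: readers see either the old file or the fully verified one.
    os.replace(tmp_path, final_path)
    return True


def fetch_to_temp(dest_dir: str, data: bytes) -> str:
    """Constructed stand-in for the downloader: write to a temp name inside the
    destination directory (same filesystem) so the later rename is atomic."""
    fd, tmp_path = tempfile.mkstemp(dir=dest_dir, prefix=".partial-")
    with os.fdopen(fd, "wb") as f:
        f.write(data)
        f.flush()
        os.fsync(f.fileno())
    return tmp_path


def demo() -> dict:
    """Run one good and one corrupted download through the verify-then-rename step."""
    dest_dir = tempfile.mkdtemp()
    payload = b"Package: example\nVersion: 1.0\n"  # constructed sample content
    expected = hashlib.sha256(payload).hexdigest()
    final = os.path.join(dest_dir, "Packages")
    results = {}
    tmp = fetch_to_temp(dest_dir, payload)
    results["good"] = verify_and_install(tmp, expected, final)
    tmp = fetch_to_temp(dest_dir, payload + b"tampered")
    results["bad"] = verify_and_install(tmp, expected, final)
    results["bad_tmp_removed"] = not os.path.exists(tmp)
    results["final_intact"] = open(final, "rb").read() == payload
    return results
```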