People really underestimate how much time is available to qualify whether a feature that on paper that sounds problematic is benign or functionally helpless without $XYZ other things by a security team. Saying use MDM to 'fix' it is dev time they might not have, and the only ethical thing they can do is remove the new unknown risks from their list of risks.
Much like your SLAs are not my SLAs your risks are not my risks. iterm2 inserting a mechanism to talk to a new class of component is not a minor change.
Much like your SLAs are not my SLAs your risks are not my risks. iterm2 inserting a mechanism to talk to a new class of component is not a minor change.