You are not logged in.
benibilme wrote:One more question. What do you think about flatpak security. Could flatpak be more trust wordy than AUR packages if I use only official repositories.
In defense of Flatpak beyond my positive experience, there is this: https://blogs.gnome.org/uraeus/2021/09/ … x-desktop/
Offline
https://xkcd.com/927/
Edit: almost a textbook example…
Last edited by seth (2022-11-11 19:59:21)
Online
This is like buying a fancy new lock for your house, leaving it unlocked, then blaming the lock manufacturer when you get robbed. Flatpak packagers opening up the whole disk is PEBKAC not a flatpak bug. Also can't you restrict it more when running, regardless of default permissions? But I suppose it's useful to know an ecosystem is full of idiots before deciding to use it.
Offline
Flatpak packagers ...
Was the irony here deliberate?
"UNIX is simple and coherent" - Dennis Ritchie; "GNU's Not Unix" - Richard Stallman
Online
Flatpak packagers opening up the whole disk is PEBKAC not a flatpak bug.
The problem here is that you're shifting the exposure responsibility of your system from your distro and yourself to your distro, yourself and random idiots¹ and exploit ridden dated libraries from the days of yore.
The flatpak promise is to provide shielding against that, but the shield works like https://en.wikipedia.org/wiki/Cooperative_multitasking … that's not a PEBCAK but consumer misleading.
1) container systems are popular w/ people who cannot write compiler or API aware code and rely on very specific library versions - how do you assume they'll "solve" any kind of host access issues?
Online