|
|
|
|
|
|
by Natela
2807 days ago
|
|
|
What ? No it's exactly the opposite ! I think you're confusing with AppImage maybe which is indeed download from the browser & run. The (long) goal of flatpak is that the user would never download and execute from the browser, everything is updated through the flatpak repos (like the PPAs for .deb) but with the addition that the apps are sandboxed and follow a runtime model for dependency instead of packaging everything or depending on other packages. Basically the goal is to have something like on Android or IOS , so exactly the opposite of the "download from the browser and run an untrusted executable" |
|
|
Just to be clear; the "download" model I was describing is not "download and execute the actual app from the browser", it is "download and execute an installer from the browser". Then either clicking on the installer or dragging it somewhere (on Macs it used to be dragging to the desktop, but I haven't used Macs for several OS X versions now) starts the installer.
> everything is updated through the flatpak repos (like the PPAs for .deb)
This I would have no problem with; I would be able judge whether I trust their PPA the same way I judge any other third party PPA (or the distro itself, for that matter). And the update would be through the normal mechanism I use to update everything on my system, which has well-tested security measures built into it.
> but with the addition that the apps are sandboxed and follow a runtime model for dependency instead of packaging everything or depending on other packages.
I understand the benefits of this as far as fixing dependency hell. But it doesn't seem like the sandboxing part works as advertised.
> Basically the goal is to have something like on Android or IOS
I'm not sure this is a good way to phrase the comparison since it implies not just sandboxing/packaging, but an app store curated by a large corporation whose interests don't align with mine, various broken permissions models, etc.