by michaelmrose 2817 days ago
Nobody wants a packaging system that can't package existing apps not designed to be secure in a useful fashion.

In a traditional app packaged as a deb/rpm the developer releases the source, which then must be packaged and made to work with each distribution/platform. If the app is malicious, or is sold to someone/compromised by someone who is, then you are 100% hosed.

In a flatpak not designed to be properly sandboxed you are in fact no worse off than in the alternative deb/rpm situation, save that the issue of packaging for distribution has been made easier.

It's in fact probably extremely challenging to package all sorts of applications without giving the user the option to provide an individual app elevated permissions.

At best we are relying on the user to decide which app ought to get those permissions.

If you think people can't be trusted to do this then the logical solution is to rely on packagers to decide what belongs in the official repo and keep malicious content out.


Well, the ideal solution is to fix the application to use the special file chooser that gives the app permission to access whatever files the user chose. I only know the basics about Flatpak, but I know it has such a file chooser; does Gimp not use it, or is there some other issue that makes it require full home directory access?

In the meantime – sure, package the app, but it shouldn’t show up as “sandboxed” in the GUI if the sandbox isn’t meaningful. Instead it should come with a nice scary warning that the app has access to all of your files… you know, for everyone to ignore and click through. (You can lead a horse to water…)
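The "it shouldn't show up as sandboxed if the sandbox isn't meaningful" test from the comment above can be made mechanical. The block below is an added example, not code from the thread or from the Flatpak project: it parses the `[Context]` block in the format that `flatpak info --show-permissions <app>` prints (a GLib key file) and reports the grants that make the sandbox label hollow: host or home filesystem access, the X11/session-bus/system-bus sockets, `devices=all`, and `talk` access to the `org.freedesktop.Flatpak` bus name (which lets the app run commands on the host). The three metadata samples are constructed for a hypothetical app; they are not any real app's permissions, and the thresholds (`BROAD_*` sets) are this example's own choices.

```python
"""Flag Flatpak permission grants that make 'sandboxed' a misleading label.

Added example for the thread above; not Flatpak's own tooling.  Input is
the key-file text that `flatpak info --show-permissions <app>` prints.
"""
import configparser

# Example's own policy: grants that expose the user's files outright.
BROAD_FILESYSTEMS = {"host", "host-os", "host-etc", "home", "~"}
# X11 has no client isolation; the session/system buses reach every service.
BROAD_SOCKETS = {"x11", "session-bus", "system-bus"}
# Talk access to Flatpak's own bus name allows running commands on the host
# (this is what `flatpak-spawn --host` uses), i.e. a full sandbox escape.
ESCAPE_BUS_NAMES = {"org.freedesktop.Flatpak"}


def _keyfile_list(value):
    """Split a ';'-separated key-file list, dropping the empty trailing item."""
    return [item for item in value.split(";") if item]


def _filesystem_name(entry):
    """Strip ':ro' / ':rw' / ':create' suffixes; negated ('!') entries are removals."""
    if entry.startswith("!"):
        return None
    return entry.split(":", 1)[0]


def classify_permissions(metadata_text):
    """Return (meaningful_sandbox, reasons) for one app's permission metadata."""
    parser = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    parser.optionxform = str  # key-file keys (D-Bus names) are case-sensitive
    parser.read_string(metadata_text)
    reasons = []
    ctx = parser["Context"] if parser.has_section("Context") else {}

    for entry in _keyfile_list(ctx.get("filesystems", "")):
        if _filesystem_name(entry) in BROAD_FILESYSTEMS:
            reasons.append(f"filesystem grant '{entry}' exposes the user's files")
    for sock in _keyfile_list(ctx.get("sockets", "")):
        if sock in BROAD_SOCKETS:
            reasons.append(f"socket '{sock}' bypasses the sandbox boundary")
    if "all" in _keyfile_list(ctx.get("devices", "")):
        reasons.append("devices=all exposes every device node")
    if parser.has_section("Session Bus Policy"):
        for name, policy in parser["Session Bus Policy"].items():
            if name in ESCAPE_BUS_NAMES and policy in ("talk", "own"):
                reasons.append(f"bus policy '{name}={policy}' allows host command execution")
    return (not reasons, reasons)


# Constructed samples for a hypothetical image editor (not a real app's metadata).
FULL_HOME_ACCESS = """\
[Context]
shared=network;ipc;
sockets=x11;wayland;pulseaudio;
devices=dri;
filesystems=home;xdg-config/example-editor;
"""

PORTAL_ONLY = """\
[Context]
shared=ipc;
sockets=wayland;fallback-x11;pulseaudio;
devices=dri;
filesystems=xdg-config/example-editor:create;
"""

HOST_ESCAPE = """\
[Context]
sockets=wayland;

[Session Bus Policy]
org.freedesktop.Flatpak=talk
"""

if __name__ == "__main__":
    for label, meta in (("full-home", FULL_HOME_ACCESS),
                        ("portal-only", PORTAL_ONLY),
                        ("host-escape", HOST_ESCAPE)):
        ok, reasons = classify_permissions(meta)
        print(label, "- meaningful sandbox" if ok else "- NOT meaningfully sandboxed")
        for reason in reasons:
            print("   ", reason)
```

The portal-only sample is what an app that goes through the file chooser portal needs: no `home`/`host` grant at all, because the portal hands the app only the files the user picked. An app carrying `filesystems=home` is the case the comment describes, and the `[Session Bus Policy]` case shows that a narrow-looking grant can be worse than a broad filesystem one.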

In flatpak you are worse off, though, since - as the article indicates - they lag behind on security updates. If they get compromised by unpatched exploits, that sandbox is a valuable line of defense.
The writer tries to blame Flatpak for app maintainers' mistakes. That isn't fair.

If an app doesn't get a security fix, whoever maintains that package should be the one to blame.

Disclaimer: I don't like flatpak either, I'm just trying to be fair here...

This is a fair point. Tons of people said that flatpaks won't get security updates because you would end up with 7 versions of libfoo getting updated, or not, on different schedules.

Lo and behold, this is true.

The security gains even in the future are also probably mostly imaginary. You can't trust average users to understand the implications of granting permissions. By default if they are installing an app they trust the dev.

Further, it's not like malicious actors can't test against the sandbox and do the extra work to discover ways through the fence. Getting your target to run your malware tends to be game over outside of very heavily restricted environments.

If the browser had a built-in fashion to ask the user to give it full control of the machine in a way that didn't look like malware, 20% of users would end up with compromised devices.