by wander_homer 1539 days ago
Why do you assume the flatpak comes from a no name dev? My calculator flatpak comes from the same people who wrote it, and I obviously trust them, otherwise I wouldn't be using their application.

So why should I trust them less than my distribution?

Ever used npm?
No, and how is that even relevant?
>So why should I trust them less than my distribution?

Just use Google -> npm malware

I said I'm not using npm.

With my calculator flatpak I only have to trust one person and to a much lesser degree, because they declared that the calculator can't access my personal files to begin with. The same app in my distribution repository has full read-write access to all my user's files, network access and much more. So yeah, I trust it more.

Distribution maintainers are nothing but middlemen, who don't even audit the code they package, so there's nothing I gain from them.