|
|
|
|
|
|
by Flimm
42 days ago
|
|
|
In practise, Flatpak packages have many more permissions than you might expect, and the sandbox feature gives a false sense of security. For example, the Obsidian Flatpak package [0] is given all of the following abilities without explicit permission from the user (the user has to know where to look to find out about them): - Home folder read/write access - System folder media - System folder mnt - Microphone access and audio playback - And more... The Obsidian snap [1] is installed with the --classic flag, which also grants access to the whole home directory, but at least you have to consciously specify the --classic flag to grant this permission. [0] - https://flathub.org/en/apps/md.obsidian.Obsidian [1] - https://snapcraft.io/obsidian |
|
|
Flatpak could of course be significantly better... but it's still a massive step in a better direction.