this post was submitted on 08 Apr 2024
22 points (66.7% liked)
Privacy
32165 readers
145 users here now
A place to discuss privacy and freedom in the digital world.
Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.
In this community everyone is welcome to post links and discuss topics related to privacy.
Some Rules
- Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
- Don't promote proprietary software
- Try to keep things on topic
- If you have a question, please try searching for previous discussions, maybe it has already been answered
- Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
- Be nice :)
Related communities
much thanks to @gary_host_laptop for the logo design :)
founded 5 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Many Flatpaks bundle libraries which aren't available in any runtime. There have been cases of non-malicious Flatpaks (on Flathub) containing known vulnerable versions of libraries. Is a user expected to cross reference a Flatpak's manifest with known library vulnerabilities before installing it?
Flatpak's "sandbox" (more of a container really) also breaks internal sandboxing mechanisms used by some other apps notably Chromium-based browsers (they use some hack to use Flatpak's sandbox instead but I doubt it is as secure).
Flatpak is not a security tool, it is a software distribution tool (Edit: BTW, the Flatpak project doesn't even claim to be about security).
Let's improve flatpak, instead of abandoning it :)
Personally I don't see the harm in abandoning Flatpak, the technologies developed to support it (bubblewrap, desktop portals and the secure contexts Wayland protocol to name a few) are far more important and can be used independently.
I think Flatpak has the potential to be good, if distros use it as their primary package manager with a sane (not Flathub) repository (Fedora has a well maintained Flatpak repo, for example). Otherwise, for the average user, installing a Flatpak from Flathub when there is a distro package available might seem like a good idea because they heard about sandboxing, but in many cases it will actually be more secure to just use the distro package.