Where? I don’t see it here. Can click on the “manifest” but nobody will be reading all of that. Tried Tor Browser to rule out extensions. Maybe it’s actually communicating with the desktop client in some way which I don’t have?
Also, a backdoor in this particular program can steal your PGP keys. Some clueless guy who added it to GitHub for a tutorial may have some issues if it’s not password protected. It’s in no way like Android where “OpenKeychain” were forced to define a protocol and now reading a key prompts the user.
Oh, and one of the few dozen local privilege escalations found by AI in the mountains of trash of our great kernel completely negate all of this. It has to be AI because no human nowadays is doing all of that anymore. And enslaving humans to pick out code 24/7 isn’t legal anymore anywhere, ya know.
click the red “medium risk” thing near the install button
Oh, and one of the few dozen local privilege escalations found by AI in the mountains of trash of our great kernel completely negate all of this. It has to be AI because no human nowadays is doing all of that anymore. And enslaving humans to pick out code 24/7 isn’t legal anymore anywhere, ya know.
that’s not a problem of flathub, but literally all computers. windows, macos, android is also susceptible to it.
Literally how the fuck was I, or let alone “a simple user”, is supposed to know that? “Intuitive, uncluttered UI” my ass.
Also “The software developer has verified their identity, which makes the app more likely to be safe” ??? How Android wannabe (without actually being anything like Android) do they want to be???
Just check the permissions of an app before installing. Bazaar has a gauge for how “safe” an app is based on permissions. If it doesn’t request internet, filesystem access, and other powerful permissions, it’ll be marked as the safest.
Really it’s the same as docker. It’s secure most of the time, but don’t come crying about getting hacked if you give all your containers access to /dev, host networking, etc
Pretty much. Snap is the only one with a semblance of anything appearing to be security, and nearly every container requires you to turn it off to run.
Nope, the security is basically a gate in the middle of a field.
“App with access to files can access files”
And “we won’t tell you which ones can”
Well, both the Flathub website and KDE Discover list this, so this seems like a GNOME issue and not a Flatpak issue.
Flathub:
KDE Discover:
Where? I don’t see it here. Can click on the “manifest” but nobody will be reading all of that. Tried Tor Browser to rule out extensions. Maybe it’s actually communicating with the desktop client in some way which I don’t have?
Also, a backdoor in this particular program can steal your PGP keys. Some clueless guy who added it to GitHub for a tutorial may have some issues if it’s not password protected. It’s in no way like Android where “OpenKeychain” were forced to define a protocol and now reading a key prompts the user.
Oh, and one of the few dozen local privilege escalations found by AI in the mountains of trash of our great kernel completely negate all of this. It has to be AI because no human nowadays is doing all of that anymore. And enslaving humans to pick out code 24/7 isn’t legal anymore anywhere, ya know.
click the red “medium risk” thing near the install button
that’s not a problem of flathub, but literally all computers. windows, macos, android is also susceptible to it.
Literally how the fuck was I, or let alone “a simple user”, is supposed to know that? “Intuitive, uncluttered UI” my ass. Also “The software developer has verified their identity, which makes the app more likely to be safe” ??? How Android wannabe (without actually being anything like Android) do they want to be???
The problem of flathub is the illusion of safety.
idk, this is the first time I saw that menu. it’s a pretty visible red at a prominent place on the webpage, so I wouldn’t say it’s hidden
where is the illusion of the safety? where does it say it’s the safest thing ever made?
Just check the permissions of an app before installing. Bazaar has a gauge for how “safe” an app is based on permissions. If it doesn’t request internet, filesystem access, and other powerful permissions, it’ll be marked as the safest.
Really it’s the same as docker. It’s secure most of the time, but don’t come crying about getting hacked if you give all your containers access to /dev, host networking, etc
Yeah that post is 5 years old, I would think a lot of that has changed by now
Well shit.
Pretty much. Snap is the only one with a semblance of anything appearing to be security, and nearly every container requires you to turn it off to run.
Ha! That sucks. I appreciate that article but now I’m having a little bit of an existential crisis.