282
Linux Mint Will Hide Unverified Flatpaks in Software Manager
(www.omgubuntu.co.uk)
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
this post was submitted on 04 Jun 2024
282 points (99.0% liked)
Linux
47371 readers
802 users here now
From Wikipedia, the free encyclopedia
Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).
Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.
Rules
- Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.
- No misinformation
- No NSFW content
- No hate speech, bigotry, etc
Related Communities
Community icon by Alpár-Etele Méder, licensed under CC BY 3.0
founded 5 years ago
MODERATORS
The Flathub security rating is useful but too cautious (so many "false alarms" that people ignore it). It is completely independent from the verification though.
Mixing these up makes no sense.
But for sure, officially supported Libreoffice may be more secure than distro-packaged Libreoffice.
Likely not more than Distro packages. They pull in dependencies, and code, just like any other app.
Flatpaks are too pain tolerant regarding EOL runtimes. These may have security risks, and many badly maintained apps are using them, and at least KDE Discover doesnt show a warning here.
True
Very good points. It is a good security practice to stay close to a trusted upstream though. Browsers for example may have delayed security patches.
Same here, if the upstream tests the Flatpak BEFORE shipping the release, it will work and be fast. If they dont, they ship the update, the flatpak is updated some time after that, it may have an issue, the packagers may need to patch something, solve the issue upstream etc.
The thing is that packagers should join upstream, as only integrated packaging gives this inherent stability and speed.
This is not relevant in many scenarios though. Flatpaks allow to securely sandbox random apps, so they are very often more secure.
That's right, but I had a point there. My point is, that even verified applications can be marked as insecure on Flathub. That means, unverified applications can be secure based on the standards the Flathub sets. This was my point that its independent and why the verification of source has nothing to do with security. If Linux Mint does hide unverified apps, because it thinks these are unsecure, then it should hide all the applications that are marked as a potential unsecure app; just like the unverified apps are potentially unsecure (just like any other verified app).
Hopefully this was not too confusing to read.
Yes, verification is very different from the security rating.
Poorly you can sort by subsets but not by the security rating.
There are legacy apps that are always insecure with huge static filesystem permissions AND they are sometimes not well maintained i.e. they dont support the Flatpak.