We-ell, this thread kinda started with saying that we’ll see glaring security holes with the same desktop popularity as that of Windows.
Yeah, like windows did, for a long time, and from time to time still does.
Well, then it doesn’t require flatpaks and snaps to solve this huge problem, right?
It pretty much does, yes.
Well, since you’ve mentioned accessibility […]
Ok. Not to do with security. Let’s not get sidetracked.
Ok I’m not sure, but I think OpenBSD and NetBSD don’t run any scripts contained inside packages. They are not Linux ofc
I’m not sure about the BSDs, but I’m talking about Linux. And as it stands, the package installation step is a risky process in any distro I’ve ever seen. You just have to rely that no mistake will ever be made by packagers, nothing will slip past them, and that they manually and thoroughly look through every installation process of every package (which they don’t).
It’s an unnecessary risk that gets solved by Flatpak (plus a bunch of other security advantages)
Yes, you can do that. You can set aliases which will look like whatever at all. How do you solve that “problem”?
I don’t know, I’m not a security expert. But it is a problem, and a massive one.
It’s an unnecessary risk that gets solved by Flatpak (plus a bunch of other security advantages)
… Or Nix/Guix, or any per-user approach to package installation, or AppImages.
Anyway, I’m not against them completely. For distributing some user applications, and maybe proprietary stuff, they are fine.
And as it stands, the package installation step is a risky process in any distro I’ve ever seen. You just have to rely that no mistake will ever be made by packagers, nothing will slip past them, and that they manually and thoroughly look through every installation process of every package (which they don’t).
We-ell, in basic Unix-like terms you can just do a chroot while unpacking, check that no nasty places are being touched, and then rsync to root. I think some PMs already do just that.
I don’t know, I’m not a security expert. But it is a problem, and a massive one.
This problem seems inherent to anything Turing-complete.
Nix is not simple, and it always seems to fuck up. AppImages have zero security advantages, they’re awful. It doesn’t even have sandboxing.
We-ell, in basic Unix-like terms you can just do a chroot while unpacking, check that no nasty places are being touched, and then rsync to root. I think some PMs already do just that.
Lmao. Not only would that not even be effective, but that’s also a ludicrous suggestion for the average user to do for every app they install. What an absurd suggestion.
Yeah, like windows did, for a long time, and from time to time still does.
It pretty much does, yes.
Ok. Not to do with security. Let’s not get sidetracked.
I’m not sure about the BSDs, but I’m talking about Linux. And as it stands, the package installation step is a risky process in any distro I’ve ever seen. You just have to rely that no mistake will ever be made by packagers, nothing will slip past them, and that they manually and thoroughly look through every installation process of every package (which they don’t).
It’s an unnecessary risk that gets solved by Flatpak (plus a bunch of other security advantages)
I don’t know, I’m not a security expert. But it is a problem, and a massive one.
… Or Nix/Guix, or any per-user approach to package installation, or AppImages.
Anyway, I’m not against them completely. For distributing some user applications, and maybe proprietary stuff, they are fine.
We-ell, in basic Unix-like terms you can just do a chroot while unpacking, check that no nasty places are being touched, and then rsync to root. I think some PMs already do just that.
This problem seems inherent to anything Turing-complete.
Nix is not simple, and it always seems to fuck up. AppImages have zero security advantages, they’re awful. It doesn’t even have sandboxing.
Lmao. Not only would that not even be effective, but that’s also a ludicrous suggestion for the average user to do for every app they install. What an absurd suggestion.
Why are you so against having a secure system?
I dunno what you’re on, I’m talking about the PM doing this.
I’m against believing in the concept of actually having a secure system.