Announcement

Collapse
No announcement yet.

Flatpak Support Is Now "Production Ready" In KDE Discover

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Flatpak Support Is Now "Production Ready" In KDE Discover

    Phoronix: Flatpak Support Is Now "Production Ready" In KDE Discover

    It seems to be a busy weekend for KDE news... The latest is that the Flatpak app sandboxing support formerly known as XDG-App is considered production ready within KDE Discover...

    http://www.phoronix.com/scan.php?pag...pak-Production

  • #2
    Does Fedora have this Discover thing in its Distribution?
    Last edited by Anvil; 01-13-2018, 11:38 PM.

    Comment


    • #3
      This is like Redhat snd Debian standardizing on a package.

      Comment


      • #4
        Discover is shaping up nicely. There are still quite a few features missing that are now standard in "App" stores, but hopefully it can catch up with time.

        Comment


        • #5
          Flatpak isn't secure at all. For now it's packaging system, which allows package creators to limit privileges of their packages.

          If it was to be secure, then the user would be the one, who controls access privileges, not the package maintainer...

          All that secure thing about Flatpak is very misleading.

          Comment


          • #6
            Originally posted by kravemir View Post
            Flatpak isn't secure at all. For now it's packaging system, which allows package creators to limit privileges of their packages.

            If it was to be secure, then the user would be the one, who controls access privileges, not the package maintainer...

            All that secure thing about Flatpak is very misleading.
            But isn't it same with apt , aur , ppa's, Snaps?

            I'm a noob but i didn't see anything about priveleges on below too.

            You are just guessing they would be secure , did you controlled priveleges of one of the packages you installed using others?

            Comment


            • #7
              Originally posted by Leopard View Post

              But isn't it same with apt , aur , ppa's, Snaps?

              I'm a noob but i didn't see anything about priveleges on below too.

              You are just guessing they would be secure , did you controlled priveleges of one of the packages you installed using others?
              None of these are secure. But, apt doesn't sell itself as secure and sandboxed.

              ​​From apt, I'm installing opensource software, therefore I can be almost sure, that there's no hidden malware in them (though, they might have bugs, but they won't compromise your system on their own).

              Nothing, where user doesn't have control over privileges application gets, is secure. But, don't sell insecure things as secure. That's my message.

              Comment


              • #8
                Originally posted by kravemir View Post
                Flatpak isn't secure at all. For now it's packaging system, which allows package creators to limit privileges of their packages.

                If it was to be secure, then the user would be the one, who controls access privileges, not the package maintainer...

                All that secure thing about Flatpak is very misleading.
                Flatpak is being developed in a "make it stable, then make it useful, then make it perfect" pattern as a superior alternative to DEB, RPM, and various other existing mainstream packaging systems for desktop Linux.
                1. Make it stable: Stabilize the APIs so Flatpack packages will be forward compatible
                2. Make it useful: Implement the APIs so that sandboxed applications can actually function. (We are here)
                3. Make it perfect: Add stuff that's easy to retrofit, like permissions control.
                Being a more secure alternative to DEB/RPM/etc. for desktop apps is a perfectly good step on the road to being a more user-empowering alternative to APK. Having permissions control at a stage where the permissions being controlled aren't yet implemented just puts you behind schedule for building an ecosystem.

                EDIT: Note that I said "more secure" rather than "secure". You can always limit yourself to open-source Flatpaks, and I'd much rather have my Humble Bundle and GOG.com games in Flatpaks than MojoSetup installers. Enforcing that the code obeys the publisher's intentions may be inferior to enforcing the user's preferences, but it's better than no enforcement at all.
                Last edited by ssokolow; 01-14-2018, 06:33 AM.

                Comment


                • #9
                  Originally posted by ssokolow View Post

                  Flatpak is being developed in a "make it stable, then make it useful, then make it perfect" pattern as a superior alternative to DEB, RPM, and various other existing mainstream packaging systems for desktop Linux.
                  1. Make it stable: Stabilize the APIs so Flatpack packages will be forward compatible
                  2. Make it useful: Implement the APIs so that sandboxed applications can actually function. (We are here)
                  3. Make it perfect: Add stuff that's easy to retrofit, like permissions control.
                  Being a more secure alternative to DEB/RPM/etc. for desktop apps is a perfectly good step on the road to being a more user-empowering alternative to APK. Having permissions control at a stage where the permissions being controlled aren't yet implemented just puts you behind schedule for building an ecosystem.

                  EDIT: Note that I said "more secure" rather than "secure". You can always limit yourself to open-source Flatpaks, and I'd much rather have my Humble Bundle and GOG.com games in Flatpaks than MojoSetup installers. Enforcing that the code obeys the publisher's intentions may be inferior to enforcing the user's preferences, but it's better than no enforcement at all.
                  I agree, that if it will be done properly, it could be superior package manager for installing 3rd party, closed source software. But, it won't replace DEB/RPM, these will be always superior for system packages. Combination of both would be great for end users.

                  You might not say it's secure, but flatpak.org says it is: Secure, sandboxed applications. Flatpak's sandboxing technology prevents exploits and hinders malicious applications.

                  That is very false advertisement
                  ​​​​​

                  Comment


                  • #10
                    Snap is secured, because once it's installed in confinement it can't escape out of it no matter how hard publisher tries and also it's backed by powerful tech (I think) like apparmor.

                    Comment

                    Working...
                    X