Flatpak's Flathub Seeing Infrastructure Improvements, Finally Support For Beta Releases
#21
Originally posted by Vistaus:
    I fail to see the problem as packagers from Linux distros, even trustworthy distros like Debian, are still random people from around the world. Sure, they might have a reputation and an about page, but nothing stops them from releasing harmful packages into the distros.
A flawed system can't possibly get any better, you say?


#22
Originally posted by Nille:
    But I don't need Flatpak if I need to compile myself. My point is that you can't trust any packages from some anonymous person or a platform that doesn't check the uploaders. Flatpak is kinda ok but only if official packages are provided or by a trustworthy person.

    And I don't want anyone to be forced to disclose his name or private information to the public, but just to the platform where he or she uploads packages that everyone installs easily.

    It's like the PPAs or other third-party repositories. At the end you give an unknown person full access to your system and not even the platform validates the uploader.
I think guys at Flathub will have to address this eventually. Does anyone here think Steam would let anyone publish random shit on their platform without even requiring publishers to reveal their identities and sign some kind of contract with the platform?
If you screw the customer on Android Market or whatever the Apple equivalent is, you get sued to hell.
If you screw the customer on Alibaba, you get sent to the Gulag.
If you screw the customer on Flathub, well, what happens then?

If I was Flathub I wouldn't want to be known as the platform with the least amount of consumer protection. No serious developer will publish their software on a platform deemed unsafe for their customers.


#23
Originally posted by Vistaus:
    I fail to see the problem as packagers from Linux distros, even trustworthy distros like Debian, are still random people from around the world. Sure, they might have a reputation and an about page, but nothing stops them from releasing harmful packages into the distros.
But everyone that has write access to the Debian repositories is known by Debian and their leaders or by a responsible person. The same is with Ubuntu, Fedora, etc.


#24
Originally posted by Nille:
    It's different if we talk about bugs or malicious software. The difference in the major Linux distributions is that not everyone can upload a package. So there is a kind of validation there.
They have sane submission rules, and as most GitHub projects they need a member to approve the pull request, see one of the applications approved here
(yes, most of the posts are from a build bot, look for the GitHub users with the "member" badge as they are the project admins with commit access.)

    But I don't need Flatpak if I need to compile myself.
That's the only way to really check that a distro isn't shipping malware too. Rebuild the package and check the checksum of your package vs the package in the distro repos. Flatpak packages, just like distro packages, are specifically made to be reproducible: from the same source you get exactly the same result.

    My point is that you can't trust any packages from some anonymous person or a platform that doesn't check the uploaders. Flatpak is kinda ok but only if official packages are provided or by a trustworthy person.
I really don't think even distros care that much about their package maintainers. Whoever shows up to be a maintainer of a package is usually good enough. They don't do extensive background checks or even make sure that he is actually a real person or anything.

That's one of the reasons why "source packages" exist. They allow users to check that the maintainer isn't a fraud.

    And I don't want anyone to be forced to disclose his name or private information to the public, but just to the platform where he or she uploads packages that everyone installs easily.
This is completely irrelevant as I said, as it's random civilians all over the world. Even with full name and personal information you would be hard-pressed to actually make sure he isn't lying, and even when he is not it would be useless for suing him unless you like to sue someone in random countries overseas and have some seriously fat stacks to burn in this endeavor.

    It's like the PPAs or other third-party repositories. At the end you give an unknown person full access to your system and not even the platform validates the uploader.
No, it's not like a third-party repo if that's what you mean. Any new application or application update needs to be approved and committed to the project's app repo by a project admin.

Applications without a maintainer (when the maintainer quit) are also tagged as orphan by admins too: https://github.com/flathub/org.mozil...b5901f65d53717


#25
Originally posted by Nille:
    But everyone that has write access to the Debian repositories is known by Debian and their leaders or by a responsible person. The same is with Ubuntu, Fedora, etc.
There is no liability provided, so no "responsible" if anything goes wrong in distros.

It would only be a PR hit.


#26
Originally posted by IreMinMon:
    A flawed system can't possibly get any better, you say?
Unless they are paid by the distro, this is probably too much to ask for from volunteers.


#27
Originally posted by Nille:
    But everyone that has write access to the Debian repositories is known by Debian and their leaders or by a responsible person. The same is with Ubuntu, Fedora, etc.
The guy who recently shot people in Illinois was also known by his leaders; it didn't stop him from shooting though. My point is that they have write access and while they are known, it still doesn't stop them from doing anything they want if they really wanted to harm Debian.


#28
Originally posted by Vistaus:
    What? Flathub doesn't package beta software. In fact, when I requested the Spotify flatpak to be updated to the latest beta, like Solus does with its regular 3rd party package, I got told by the Flathub maintainers that they only package stable packages.
I'm afraid you're wrong, Flathub will now be able to package beta software. I'm sure I read it there on Phoronix or on the Planet GNOME website: https://blogs.gnome.org/alexl/2019/0...-flathub-land/
Last edited by Anvil; 21 February 2019, 08:58 PM.


#29
Originally posted by Anvil:
    I'm afraid you're wrong, Flathub will now be able to package beta software. I'm sure I read it there on Phoronix or on the Planet GNOME website: https://blogs.gnome.org/alexl/2019/0...-flathub-land/
Oh, well that's something that was announced very recently. Didn't know that, thanks.