Announcement

Collapse
No announcement yet.

Better Flatpak Support For Firefox Appears To Be Coming

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • #21
    Originally posted by tildearrow View Post

    It is done, but is it possible to assign a file extension to it?
    Of course.

    Comment


    • #22
      Originally posted by tildearrow View Post
      See? And this is why I don't like Flatpak at all. Sandboxing is mandatory in it and I hate it.
      Like it or not, that's the only decent way for the future.

      Comment


      • #23
        Originally posted by Creak View Post
        The only thing missing with Flatpak is the permission detection (like in a smartphone),
        ...
        It is actually in progress and I'm eager to see it working at last!
        For those interested, he is talking about the Portals interface/feature in Flatpak https://flatpak.github.io/xdg-deskto...rtal-docs.html

        Comment


        • #24
          Originally posted by starshipeleven View Post
          Like it or not, that's the only decent way for the future.
          The future doesn't actually require sandboxing to be something the user can't turn off.

          Comment


          • #25
            Originally posted by tildearrow View Post

            It is done, but is it possible to assign a file extension to it?
            Sure, why not?

            Comment


            • #26
              Originally posted by fsfhfc2018 View Post

              The future doesn't actually require sandboxing to be something the user can't turn off.
              Yes it does. That's the only way to ensure that applications are guaranteed to work when sandboxed. So you can sandbox them properly without using server-grade equipment like containers or going full-retard-mode and make a VM.

              If your system does not enforce it, like Snap, then none gives a shit and just ships the package with sandboxing disabled instead of bothering to fix the application (like most Snap packages).

              Comment


              • #27
                Originally posted by starshipeleven View Post
                If your system does not enforce it, like Snap, then none gives a shit and just ships the package with sandboxing disabled instead of bothering to fix the application (like most Snap packages).
                Alright, we've now established that mechanisms to disable the sandbox should be on the user configuration side, not the package configuration side.

                I'm not saying this to be pedantic, I'm fairly convinced that it wouldn't require magic or defiance of physical laws to give the user a say in the matter. As it seems that a moment ago we were talking about the inevitable and unavoidable. I just don't buy it. Incidentally, lately I'm trying a distro with OSTree that forces you to use flatpak (apt is locked) and a lot of the (native) apps don't work anyway. Nothing forces people offering apps to "give a shit"-- nothing.
                Last edited by fsfhfc2018; 09-13-2019, 07:04 AM.

                Comment


                • #28
                  Originally posted by fsfhfc2018 View Post
                  Alright, we've now established that mechanisms to disable the sandbox should be on the user configuration side, not the package configuration side.
                  No we have not.

                  I'm fairly convinced that it wouldn't require magic or defiance of physical laws to give the user a say in the matter.
                  It's not a matter of feasibility, it's a matter of security model.

                  The modern security model (and what I mean with "future") is "assume untrusted". This is not subject to change in the forseeable future.

                  The user simply cannot know an application is truly trusted. Even power users or developers can't really be 100% sure that some application is trustworthy or not.

                  Modern OSes designed around that concept like Android do have some form of control over application permissions, but what they allow to third party applications is still only a small subset of what you can actually do if you have full root privilege.

                  Nothing forces people offering apps to "give a shit"-- nothing.
                  Lol yeah sure.
                  If the developer does not care, someone else in its developer/contributor/user community will. Most of the stuff on Flathub is made by someone that "gave a shit" and "keeps giving a shit", and not by the original developers (especially for closed-source stuff).

                  Comment


                  • #29
                    No we have not.
                    Originally posted by starshipeleven View Post
                    what they allow to third party applications is still only a small subset of what you can actually do if you have full root privilege.
                    The problem I think, is if the package maintainer has more access to the application than root does. It's fine if the package model locks the App out of the system-- when there isn't a way for the system to get to the package, you now have a crippled root user and a privileged developer.

                    I can think of a lot of people that appeals to, but it's a serious problem for quite a few of us who have other choices. This is not ultimately a good thing for Flatpak, if Flatpak is intended for the free software ecosystem. It's great for corporations like Red Hat, though lately all you hear about is what's good for them.

                    Another funny thing about Red Hat, is that when you question something they champion you immediately find people talking to you as if they assume you haven't known the command line for 30+ years and GNU/Linux for more than a decade. It's practically a given, but perhaps it's my imagination.

                    Comment


                    • #30
                      Originally posted by fsfhfc2018 View Post
                      The problem I think, is if the package maintainer has more access to the application than root does.
                      wtf are you talking about?
                      1. Root has full access to the application and it's sandbox even if it's in a flatpak (they are some folder structure somewhere in the disk, I don't recall at the moment).
                      2. Root can also override the sandboxing settings specified in the application manifest with "flatpak override" (both to harden it more or to relax the permissions) http://docs.flatpak.org/en/latest/fl...atpak-override

                      Of course this requires that root has any understanding of Flatpak first.

                      fapping fapping, redhat hate, fapping, hate on redhat and to people that support it... perhaps it's my imagination.
                      Yes it is your imagination.

                      Comment

                      Working...
                      X