Originally posted by tildearrow
View Post
Announcement
Collapse
No announcement yet.
Better Flatpak Support For Firefox Appears To Be Coming
Collapse
X
-
Originally posted by Creak View PostThe only thing missing with Flatpak is the permission detection (like in a smartphone),
...
It is actually in progress and I'm eager to see it working at last!
- Likes 1
Comment
-
Originally posted by fsfhfc2018 View Post
The future doesn't actually require sandboxing to be something the user can't turn off.
If your system does not enforce it, like Snap, then none gives a shit and just ships the package with sandboxing disabled instead of bothering to fix the application (like most Snap packages).
Comment
-
Originally posted by starshipeleven View PostIf your system does not enforce it, like Snap, then none gives a shit and just ships the package with sandboxing disabled instead of bothering to fix the application (like most Snap packages).
I'm not saying this to be pedantic, I'm fairly convinced that it wouldn't require magic or defiance of physical laws to give the user a say in the matter. As it seems that a moment ago we were talking about the inevitable and unavoidable. I just don't buy it. Incidentally, lately I'm trying a distro with OSTree that forces you to use flatpak (apt is locked) and a lot of the (native) apps don't work anyway. Nothing forces people offering apps to "give a shit"-- nothing.Last edited by fsfhfc2018; 13 September 2019, 07:04 AM.
Comment
-
Originally posted by fsfhfc2018 View PostAlright, we've now established that mechanisms to disable the sandbox should be on the user configuration side, not the package configuration side.
I'm fairly convinced that it wouldn't require magic or defiance of physical laws to give the user a say in the matter.
The modern security model (and what I mean with "future") is "assume untrusted". This is not subject to change in the forseeable future.
The user simply cannot know an application is truly trusted. Even power users or developers can't really be 100% sure that some application is trustworthy or not.
Modern OSes designed around that concept like Android do have some form of control over application permissions, but what they allow to third party applications is still only a small subset of what you can actually do if you have full root privilege.
Nothing forces people offering apps to "give a shit"-- nothing.
If the developer does not care, someone else in its developer/contributor/user community will. Most of the stuff on Flathub is made by someone that "gave a shit" and "keeps giving a shit", and not by the original developers (especially for closed-source stuff).
Comment
-
No we have not.Originally posted by starshipeleven View Postwhat they allow to third party applications is still only a small subset of what you can actually do if you have full root privilege.
I can think of a lot of people that appeals to, but it's a serious problem for quite a few of us who have other choices. This is not ultimately a good thing for Flatpak, if Flatpak is intended for the free software ecosystem. It's great for corporations like Red Hat, though lately all you hear about is what's good for them.
Another funny thing about Red Hat, is that when you question something they champion you immediately find people talking to you as if they assume you haven't known the command line for 30+ years and GNU/Linux for more than a decade. It's practically a given, but perhaps it's my imagination.
- Likes 1
Comment
-
Originally posted by fsfhfc2018 View PostThe problem I think, is if the package maintainer has more access to the application than root does.- Root has full access to the application and it's sandbox even if it's in a flatpak (they are some folder structure somewhere in the disk, I don't recall at the moment).
- Root can also override the sandboxing settings specified in the application manifest with "flatpak override" (both to harden it more or to relax the permissions) http://docs.flatpak.org/en/latest/fl...atpak-override
Of course this requires that root has any understanding of Flatpak first.
fapping fapping, redhat hate, fapping, hate on redhat and to people that support it... perhaps it's my imagination.
- Likes 2
Comment
Comment