Of course.

Like it or not, that's the only decent way for the future.

For those interested, he is talking about the Portals interface/feature in Flatpak https://flatpak.github.io/xdg-deskto...rtal-docs.html

The future doesn't actually require sandboxing to be something the user can't turn off.

Sure, why not?

Yes it does. That's the only way to ensure that applications are guaranteed to work when sandboxed. So you can sandbox them properly without using server-grade equipment like containers or going full-retard-mode and make a VM.

If your system does not enforce it, like Snap, then none gives a shit and just ships the package with sandboxing disabled instead of bothering to fix the application (like most Snap packages).

Alright, we've now established that mechanisms to disable the sandbox should be on the user configuration side, not the package configuration side.

I'm not saying this to be pedantic, I'm fairly convinced that it wouldn't require magic or defiance of physical laws to give the user a say in the matter. As it seems that a moment ago we were talking about the inevitable and unavoidable. I just don't buy it. Incidentally, lately I'm trying a distro with OSTree that forces you to use flatpak (apt is locked) and a lot of the (native) apps don't work anyway. Nothing forces people offering apps to "give a shit"-- nothing.

No we have not.

It's not a matter of feasibility, it's a matter of security model.

The modern security model (and what I mean with "future") is "assume untrusted". This is not subject to change in the forseeable future.

The user simply cannot know an application is truly trusted. Even power users or developers can't really be 100% sure that some application is trustworthy or not.

Modern OSes designed around that concept like Android do have some form of control over application permissions, but what they allow to third party applications is still only a small subset of what you can actually do if you have full root privilege.

Lol yeah sure.
If the developer does not care, someone else in its developer/contributor/user community will. Most of the stuff on Flathub is made by someone that "gave a shit" and "keeps giving a shit", and not by the original developers (especially for closed-source stuff).

The problem I think, is if the package maintainer has more access to the application than root does. It's fine if the package model locks the App out of the system-- when there isn't a way for the system to get to the package, you now have a crippled root user and a privileged developer.

I can think of a lot of people that appeals to, but it's a serious problem for quite a few of us who have other choices. This is not ultimately a good thing for Flatpak, if Flatpak is intended for the free software ecosystem. It's great for corporations like Red Hat, though lately all you hear about is what's good for them.

Another funny thing about Red Hat, is that when you question something they champion you immediately find people talking to you as if they assume you haven't known the command line for 30+ years and GNU/Linux for more than a decade. It's practically a given, but perhaps it's my imagination.

wtf are you talking about?

1. Root has full access to the application and it's sandbox even if it's in a flatpak (they are some folder structure somewhere in the disk, I don't recall at the moment).
2. Root can also override the sandboxing settings specified in the application manifest with "flatpak override" (both to harden it more or to relax the permissions) http://docs.flatpak.org/en/latest/fl...atpak-override

Of course this requires that root has any understanding of Flatpak first.

Yes it is your imagination.