Snaps & Ubuntu Core Desktop Talked Up At FOSDEM 2024


  • #51
    Originally posted by TheJackiNonster View Post

    I had a different experience. On Flathub I never received any hint to lower permission requirements. Nor did I notice anyone checking my app for changes after the initial verification. With snaps, on the other hand, my apps are continuously verified manually, which I get notified about after a new build, and they automatically notify me about outdated dependencies in my apps. Flathub doesn't seem to care at all about deprecated dependencies, which is why a lot of apps probably contain known security issues.
    The instructions for enabling their dependency-checking bot are at

    Once the relevant lines are added to your flatpak-builder manifest, it will automatically check for updates and open PRs with updated dependencies and, if paired with GitHub Actions or some other CI bot and a good test suite, can turn updating dependencies into a simple matter of "receive e-mail from GitHub, look at test results, click merge button, wait three-hour 'oops' grace period for changes to go live".

    As someone who wrote the manifest the PySolFC maintainer now uses, and who maintains the I Have No Tomatoes Flatpak, I can confirm that it'll support basically anything, including parsing arbitrary HTML to find updated dependency URLs.
    Last edited by ssokolow; 08 February 2024, 01:52 PM.
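    As an added illustration of the manifest lines the post refers to (this is not the poster's own manifest, nor the PySolFC or I Have No Tomatoes one), here is a minimal flatpak-builder manifest whose source carries an `x-checker-data` annotation of the kind consumed by a dependency-checking bot; it assumes the flatpak-external-data-checker `html` checker, and the app id, URLs and sha256 are placeholders:

```yaml
# Added example, not from the thread: a flatpak-builder manifest (YAML form)
# with one source annotated for an external-data-checker bot.
# Assumptions: the bot is flatpak-external-data-checker and its "html" checker;
# org.example.DemoApp, the example.com URLs and the sha256 are placeholders.
app-id: org.example.DemoApp
runtime: org.freedesktop.Platform
runtime-version: '23.08'
sdk: org.freedesktop.Sdk
command: demoapp
modules:
  - name: demoapp
    buildsystem: simple
    build-commands:
      - install -Dm755 demoapp /app/bin/demoapp
    sources:
      - type: archive
        url: https://example.com/files/demoapp-1.2.0.tar.gz
        # The tarball is pinned by hash. When the bot finds a newer version it
        # rewrites url and sha256 together in its PR, so reviewing that PR is
        # reviewing the exact upstream artifact that will be built.
        sha256: PLACEHOLDER_SHA256_OF_DEMOAPP_1_2_0_TARBALL
        x-checker-data:
          # "html" checker: fetch a page, extract the latest version with a
          # regex, then build the download URL from a template.
          type: html
          url: https://example.com/downloads/
          version-pattern: 'demoapp-([\d.]+)\.tar\.gz'
          url-template: https://example.com/files/demoapp-$version.tar.gz
```

The PR the bot opens only changes the pinned url and sha256, which is what makes the "look at test results, click merge" workflow in the post safe to rely on: CI builds the new artifact before a human approves it.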


    • #52
      Originally posted by user1 View Post
      What if the developer makes his software do something malicious and no one catches it before it gets to the user?
      You better quit using the software from that developer, period.


      • #53
        Originally posted by user1 View Post
        additional wall of security which you don't have if you get the software directly from the developer. What if the developer makes his software do something malicious and no one catches it before it gets to the user?
        If the dev puts something malicious inside the app, the maintainer/packager will be very unlikely to spot it, unless there is some warning for a buffer overflow etc., but any half-decent dev would make sure it would not show up so easily.

        It's way more likely that the maintainer will put something inside, either by accident or on purpose. And snaps/flatpaks do offer some sort of sandboxing (even if many of them run with very broad access by default). Applications installed via debs do not run in a sandbox unless otherwise specified, and they can do whatever they want in pre- and post-installation scripts.