Post AZCGfjlsQVZmVMGMTY by grillchen@brotka.st
(DIR) Post #AYZ6joBcffpfVg3Qwa by grillchen@brotka.st
2023-08-09T20:24:35.000708Z
0 likes, 0 repeats
@thelinuxexperiment how can i be sure all dependencies inside a flatpak are up to date with the newest security updates? do i need for the maintainer of every flatpak relying on curl for example to update their curl version?
(DIR) Post #AZCGfip1xIVLYqjMki by sezamoracl@mastodon.social
2023-08-28T15:37:47Z
0 likes, 0 repeats
@grillchen @thelinuxexperiment This is why distributions 'should be' part of the core dependency (some kind of central core maintained by everyone). I don't know how exactly this should work in future, but obviously flatpak is a real solution in order to get more apps coming to gnu/linux. In my case, I use 90% of apps provided by the distro, but there are certain cases where even the same version of a repo app is free of issues through the flatpak system (i.e. Dialect).
(DIR) Post #AZCGfjlsQVZmVMGMTY by grillchen@brotka.st
2023-08-28T17:49:38.769721Z
0 likes, 0 repeats
@sezamoracl @thelinuxexperiment i only agree for old legacy software or testing a software for some reason. otherwise this is a security disaster waiting to happen. any percent of preventable insecurities is bad.
(DIR) Post #AZCTLUXSeLpksHCF7Y by sezamoracl@mastodon.social
2023-08-28T19:52:04Z
0 likes, 0 repeats
@grillchen @thelinuxexperiment If I know that flatpak apps I've installed are really isolated and I know that the source of the application is very reliable, I can feel safe.
On the other hand, I have no idea what proprietary firmwares do to drive my motherboard, cpu and gpu. That should be more worrying.
From my point of view, at least gnome software warns you previously about security policies involved in the installation.
Regards.
(DIR) Post #AZCTLVF42EiD3Vb45I by grillchen@brotka.st
2023-08-28T20:11:40.045784Z
0 likes, 0 repeats
@sezamoracl @thelinuxexperiment flatpak does not offer sandboxes but containers. most apps using flatpak don't even use flatpak's own security mechanisms. but even with those in mind it isn't an isolated sandbox. (https://hanako.codeberg.page/)
also they talked for many years about goals and promises on security they wish to achieve, rather than already achieved.
firmware not being open is a completely different issue being solved by libreboot/coreboot/oreboot/etc.
flatpak confuses users by using the term sandbox for something which isn't a secure sandbox (see their own definition https://flatpak.org/faq/#Is_Flatpak_a_container_technology_)
A sandbox per definition though means "A sandbox is an isolated testing environment that enables users to run programs or open files without affecting the application, system or platform on which they run."
even being more flexible i would only grant the least possible privileges to an application to run it to call it a sandbox. just putting stuff into a container isn't a sandbox. many flatpaks have not only access to the root file system but also many many old dependencies. Flatpak isn't a solution to fixing bugs and patching. it makes the issue much much harder because instead of fixing a package once per system we have to fix it in every flatpak that relies on it.
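
A way to check the two points raised in this thread on an installed app, added here as an example that is not part of any post: it parses the metadata keyfile that `flatpak info --show-metadata <app-id>` prints and reports which runtime the app takes its shared libraries from and whether it is granted broad host file system access. The app id `org.example.Editor` and the sample metadata are constructed for illustration.

```python
import configparser

# filesystems= entries that expose most of the host or the whole home directory
BROAD = {"host", "host-os", "host-etc", "home"}

def audit_metadata(text):
    """Return (runtime, broad_grants) for one Flatpak metadata keyfile."""
    cp = configparser.ConfigParser(
        interpolation=None, strict=False, delimiters=("=",))
    cp.optionxform = str  # keyfile keys are case-sensitive
    cp.read_string(text)
    runtime = cp.get("Application", "runtime", fallback=None)
    raw = cp.get("Context", "filesystems", fallback="")
    grants = []
    for entry in raw.split(";"):
        entry = entry.strip()
        if not entry or entry.startswith("!"):  # "!" removes a grant
            continue
        name, _, mode = entry.partition(":")
        if name in BROAD:
            grants.append((name, mode or "rw"))  # no suffix means read-write
    return runtime, grants

# Constructed sample, shaped like `flatpak info --show-metadata` output
SAMPLE = """\
[Application]
name=org.example.Editor
runtime=org.freedesktop.Platform/x86_64/22.08
command=editor

[Context]
shared=network;ipc;
sockets=wayland;pulseaudio;
filesystems=host;xdg-download:ro;!home;

[Session Bus Policy]
org.freedesktop.Notifications=talk
"""

if __name__ == "__main__":
    runtime, grants = audit_metadata(SAMPLE)
    print("runtime:", runtime)
    for name, mode in grants:
        print(f"broad filesystem grant: {name} ({mode})")
```

Libraries that come from the reported runtime are updated when that runtime is updated; anything the app bundles itself is only updated when the app is rebuilt.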