Imagine your friend that does not know anything about linux, don’t you think this would make them not install the firefox flatpak and potentially think that linux is unsafe?
I ask this because I believe we must be careful and make small changes to welcome new users in the future, we have to make them as much comfortable as possible when experimenting with a new O.S
I believe this warning could have a less alarming design, saying something like “This app can use elevated permissions. What does this mean?” with the “What does this mean?” text as a clickable URL that shows the user that this may cause security risks. I mean, is kind of a contradiction to have “verified” on the app and a red warning saying “Potentially unsafe”, the user will think “well, should I trust this or not??”
If you use Debian-based linux (Ubuntu, Minut, others), Mozilla recommends getting the package directly from their respository rather than flatpak or other repos.
Personally, I saw a major performance increase on my low-powered laptop when I switched from flatpak to the Mozilla package.
That’s nice, I think I’ll switch from Firefox ESR on Debian!
isn’t flatpak by definition relying on a second software source, hence 2x as much risk as relying on a single source (your OS repo)?
A distro has thousands of independent sources. No your distro doesn’t audit them all, barely any.
“barely any” is neither entirely accurate, nor does it excuse the use of flatpaks.
In my opinion, those warnings are not used to help users but to shame developpers for not trully sandboxing and verifying their apps. Developpers know that having this warning will decrease the number of users downloading it. The goal in the long run is to improve app sandboxing and security.
Completely agree. Training normies to click OK on warnings like this is a no-good terrible idea.
They shouldn’t click on on this tho
Considetng flatpak doesn’t verify the authenticity of what it downloads, all flatpak users should just expect that what they download is a virus
They should be worried. We don’t want them comfortable.
So many negative things have entered our culture bc people don’t care about dangers. Nearly every app should have a warning
Nearly every app should have a warning
No. If you put a warning on every app (except for the most trivial ones that don’t actually do anything useful) then the warnings mean nothing. The become something more than ass-covering legal(ish) BS.
Good.
People need to view out of channel software with a hairy eyeball.
Hell, I run Debian all over and it’s absurd that the main repositories don’t do checksums on downloaded packages!
I think it’s absurd that most distros have no tools whatsoever for doing checksums of their own files. Windows certainly got that part right IMO.
I’m double checking this myself now, but there are plenty of tools (debsum) they’re just not part of the default implementation as of last time I looked.
Right, I’m talking about like periodic or real-time scanning and alerting, which DISM/SFC on windows does.
i’m almost 100% that debsums on apt stuff and the --verify flag in rpm distros do what sfc did. (kinda, debsums and --verify check against a list of checksums from the repo, i’m pretty sure sfc cracks open an actual known version of the files and compares em with whats on disk)
idk what dism does.
What does ‘user device access’ mean?
those warnings on mint and flathub are so ridiculous, there’s no difference between those and official ones, somebody could just as easily put something nefarious in any flatpak
pretty standard compared to OSs like Android and iOS. i think the mobile OSs, at least recently, have done better at this; they don’t ask for permission until they need it. want to import bookmarks? i need file system access for that. want to open your webcam? i need device access. doing it all upfront leads to all the problems mentioned in this thread: unclear as to why, easy to forget what access you’ve given, no ability to deny a subset of options, etc.
