• renzev@lemmy.worldOP
    link
    fedilink
    arrow-up
    1
    ·
    6 months ago

    that website is such a joke, I can’t believe the guy’s still paying for the domain name… The whole argument boils down to “Many flatpak apps don’t make use of the sandbox by default, which is <somehow> less secure than not having a sandbox at all” and “this one app I like doesn’t work in flatpak, therefore all of it is bad”.

    …unless it literally is a joke and I’m just missing out on the sarcasm?

    • user@lemmy.world
      link
      fedilink
      arrow-up
      2
      ·
      6 months ago

      Its only worse than not having it at all in the sense of giving users a false sense of security. Imagine if apps on mobile could decide what permissions they want automatically granted without the user opting in. The sandbox HAS to be enforced by default to be good. And the other issue with flatpak is the security, which we had several problems with in the past. On the same note, people criticise snap but its a much more competent solution from a technical standpoint regarding security and since people get all their apps from flathub anyways, the “propreitary” backend is mostly irrelevant. And before anyone says “snap store had malware hosted” that is not an issue with the format itself but the infrastructure.

      • user@lemmy.world
        link
        fedilink
        arrow-up
        2
        ·
        6 months ago

        Also. Maintaining snap packages are easier for developers, and companies, therefore they are more likely to distribute apps on Linux to begin with.

      • renzev@lemmy.worldOP
        link
        fedilink
        arrow-up
        1
        arrow-down
        1
        ·
        5 months ago

        Its only worse than not having it at all in the sense of giving users a false sense of security.

        Flathub’s website has a bigass banner telling you if an app requires permissions that they consider dangerous. And flatpak’s CLI tells you what permissions are needed when installing an app. It’s pretty hard to miss, no?

        • user@lemmy.world
          link
          fedilink
          arrow-up
          1
          ·
          5 months ago

          This is still not a reason to automatically grant them. This permission model is fundamentally flawed. Besides, the CLI doesn’t even show these.