We need to talk about verified #flatpak apps, and its potential harm to #linux adoption.

What are your thoughts?

https://www.linkedin.com/pulse/flatpak-verification-problem-mike-kelly-raauc/ 
This is genuinely worrying. I believe this is another case of corporate Linux shills using security as an excuse to further their takeover of the whole ecosystem.

Basically, instead of using the age-old manual review of recipes to guarantee from where the source is being fetched to be built, with integrity assured with a simple hash check, which worked quite well for all major distro repositories... they want to create a public wall of shame to force developers to officially adopt Flatpak.

This is just as insidious as Canonical quietly replacing Debian packages with snap ones.

At best, this is laziness speaking: they don't want to review build recipes, and instead, they believe in automatic trust of who can publish, giving up on actual manual review (a stupid and unsafe mindset to boot). At worst, they want to make the process bureaucratic to gatekeep who can publish.