Comments by "Gilad Barlev" (@GSBarlev) on "Linux Mint Doesn't Understand Flatpak Verification" video.

  1. ​ @AClockworkHellcat That works. Verified / unverified is fine too. The issue I have is solely with the scare warning about the potential for malware—not because unverified packages can't contain malware, but because verified ones can as well.
    25
  2. They're already shielded—pretty much all FOSS licenses contain an "as-is" disclaimer disavowing all warranty and responsibility for their use. If anything, marking certain packages as "safe" opens them up to legal risk.
    25
  3. ​​ @cameronbosch1213 Yeah, but do you really need the latest VLC or Inkscape? Given that developers who don't release their own flatpaks tend not to like answering bug reports from people who use those flatpaks, I don't think this is actually the worst policy in the world. Edit: clarifying—preferring packages packaged by trusted users / OG maintainers is fine—conflating that with security is not
    7
  4. How secure is the default-permission sandbox? I know I've found not having access to /usr/bin, for example, to be a pain in the toucans, but making things inconvenient for users is different than making things safer against malicious developers.
    1
  5.  @conjurermast  Agreed. But—and maybe I'm misremembering—doesn't Chromium receive pretty timely updates on all Debian/Ubuntu branches?
    1