Joined 2 years ago
Cake day: June 16th, 2023





  • There are quite a few reasons to avoid flatpaks tbh.

    • You have no control over the dependencies. A flatpak can include a very old dependency and there is nothing you can do about it. You are at the mercy of the developer.

    • Many Flatpak applications available on flathub are not effectively sandboxed by default. Do not rely on the provided process isolation without first reviewing the related flatpak permission manifest for common sandbox escape issues.

    • Running untrusted code is never safe; sandboxing cannot change this. It can be a false sense of security.

    • It is generally not a good idea to run unattended updates via systemd, as the applications can get new permissions without the user being aware of the changes. See this blog post for examples.

    • Flatpak does not run on the linux-hardened kernel unless you do additional kernel modifications that could have negative security implications.
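
An added example, not part of the comment above: one way to do the permission review it recommends, and to see what an update would newly grant. The app metadata is constructed, and the list of permissions treated as risky is this example's own assumption.

```python
import configparser

# Permissions this example treats as sandbox-weakening (an assumption of the
# example, not an official Flatpak classification).
RISKY = {
    "filesystems": {"host", "host-os", "host-etc", "home"},
    "sockets": {"x11", "session-bus", "system-bus"},
    "devices": {"all"},
}
RISKY_BUS_NAMES = {"org.freedesktop.Flatpak"}  # talk access can run host commands

# Constructed metadata for a hypothetical app, before and after an update.
OLD = """[Context]
shared=ipc;
sockets=wayland;
filesystems=xdg-download;
"""
NEW = """[Context]
shared=network;ipc;
sockets=wayland;x11;
filesystems=xdg-download;home:ro;

[Session Bus Policy]
org.freedesktop.Flatpak=talk
"""

def parse_permissions(text):
    """Return a set of (kind, value) pairs from Flatpak keyfile metadata."""
    cp = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    cp.optionxform = str  # keep key case (bus names are case-sensitive)
    cp.read_string(text)
    perms = set()
    for section in cp.sections():
        if section == "Context":
            for key, raw in cp.items(section):
                perms.update((key, v) for v in raw.split(";") if v)
        elif section.endswith("Bus Policy"):
            perms.update((section, f"{n}={a}") for n, a in cp.items(section))
    return perms

def is_risky(perm):
    kind, value = perm
    if kind.endswith("Bus Policy"):
        name, _, access = value.partition("=")
        return name in RISKY_BUS_NAMES and access in {"talk", "own"}
    return value.split(":", 1)[0] in RISKY.get(kind, set())  # home:ro -> home

def review_update(old_text, new_text):
    """Return (permissions the update adds, risky permissions after it)."""
    old, new = parse_permissions(old_text), parse_permissions(new_text)
    return sorted(new - old), sorted(p for p in new if is_risky(p))
```

On a real system the same text can be obtained with `flatpak info --show-permissions APP_ID`, captured before and after an update.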