Hi,
This is a direct response to flatkill.org 2020.
I’ve heard a lot of misinformation about Flatpak spread by the community and by a website called flatkill.org. I took the time to write my own response with the help of Flatpak contributors and developers to debunk the claims of flatkill.org to stop the spread of false information.
Removed by mod
Still, nothing makes it trustworthy to end users. If I have to trust a random person on the internet to create a Flatpak, it’s not more secure than running a binary found on 4chan.
To provide acceptable security to all users a real software supply chain process is needed:
…which is a less meticulous version of what Debian does. Various large companies have similar processes for internal use.
Another clarification: nothing prevents sandboxing applications deployed with deb or RPM packages. It’s routinely done for system daemons, for example, and by firejail and similar tools for applications.
Also nothing prevents bundling dependencies inside a package when there’s a good reason to do so.
Removed by mod
It was just an example of a random person on the Internet. I rephrased it to clarify.
Removed by mod