Linux

7659 readers

311 users here now

A community for everything relating to the GNU/Linux operating system

Also check out:

Original icon base courtesy of lewing@isc.tamu.edu and The GIMP

founded 2 years ago

MODERATORS

Ategon@programming.dev

anzo@programming.dev

dwraf_of_ignorance@programming.dev

149

Flatpak is not perfect, but it's getting better (thelibre.news)

submitted 4 days ago by Pro@programming.dev to c/linux@programming.dev

42 comments fedilink hide all child comments

you are viewing a single comment's thread
view the rest of the comments

[–] Creat@discuss.tchncs.de 14 points 4 days ago

I have no idea why you're being down voted. The whole thing with flatpacks is that they come from a large number of individuals, maybe the author of the software, but often not from a central organization you can trust. That's the fundamental difference to distro repos, who can just have a single anchor for trust.

Mindlessly signing something doesn't increase security in any way. Then requiring it just means hassle to having to add keys to be trusted every time you want to install anything. Malicious actors can just create a key and sign the package as well. That's the whole reason it isn't required in the first place.