this post was submitted on 02 Jun 2025

149 points (96.9% liked)

Linux

7659 readers

311 users here now

A community for everything relating to the GNU/Linux operating system

Also check out:

Original icon base courtesy of lewing@isc.tamu.edu and The GIMP

founded 2 years ago

MODERATORS

Ategon@programming.dev

anzo@programming.dev

dwraf_of_ignorance@programming.dev

149

Flatpak is not perfect, but it's getting better (thelibre.news)

submitted 4 days ago by Pro@programming.dev to c/linux@programming.dev

42 comments fedilink hide all child comments

you are viewing a single comment's thread
view the rest of the comments

[–] FizzyOrange@programming.dev 8 points 4 days ago (1 children)

that they would disclose on their website

Wouldn't it make more sense then for them to simply host the Flatpak themselves? I kind of thought that was the whole idea of Flatpak.

[–] Kazumara@discuss.tchncs.de 7 points 4 days ago

Best to do both, really, so a record of using a consistent public key is created.

Then supply chain attacks might be noticed. If someone manages to replace the file on the webserver but can't get to the signing key you've prevented the attack.