undefined | Better HN

0 pointsyencabulator3y ago0 comments

And write access to $HOME lets a process climb out of the sandbox.

Trying to make sense of Flatpak's threat model is just near-impossible. It might protect you from something, if the specific app's configuration told it to do so. Starting a random Flatpak app, you have no guarantees, and the UX doesn't communicate anything about this.

0 comments

4 comments · 2 top-level

Gigachad3y ago· 2 in thread

We are in a transition period. Starting with getting apps packaged in flatpak even if it doesn’t improve security, and then once that’s all done we can start tightening the restrictions.

littlestymaar3y ago

In that case can you please at least stop advertising flatpak for its security until it happen to be secure eventually…

yencabulatorOP3y ago

We shall see. "And then, we add security" has so far never won.

AnIdiotOnTheNet3y ago

I totally agree about letting applications determine their own defaults being a bad idea.

j / k navigate · click thread line to collapse