flatpaks: rework handling of untrusted app vendors #427
Comments
Also, it would be nice if we could have the ratings and comments back. As it is now, it is very hard to judge if an unverified flatpak is useful, bad or actively harmful. Being able to review a flatpak and see the reviews of others would help with peace of mind and serve as a tool to warn others.
I don't think the onus should be on us to make unverified flatpaks more convenient or less scary. It's on them to get their apps verified. Yes I'm sure most if not all of these unverified Flatpaks are perfectly benign, but:
Good point.
How does my proposal affect how and where users report bugs? Not at all in my opinion. If they can see the app within So, invalid point.
I never said that. I was coming from the place that the Microsoft Store (and Apple's App Store for that matter) do not show unverified applications at all, because they do not have the notion of such a thing. All applications there go through a verification process, regardless of the quality of said process. With that in mind: Mac and Windows users alike, who are used to these app stores and never used Linux (Mint), will miss a bunch of applications because they are hidden away from them with the current behavior of Users will be scared away not by "unverified", "untrusted", "insecure", or "unapproved" applications. Most people don't care. They will however be scared away by an app store which hides 60% of the applications they want from them and then go ahead and deem the whole app store "a bad user experience" because they did not (want to) figure out the respective setting. My proposal is just a much more intuitive way of achieving the same goal as the setting Show unverified Flatpaks (not recommended).
Trust on the internet is generally only achieved by reviews and trusting others. By your argument, all TLS certification is invalid, because it all comes down to the TLS root certificate chain being trusted by your system. What's at the end of that root certificate chain? Some root certificate you don't know, but trust, because the whole chain trusts it, so your system trusts it. If you want to buy a TLS certificate, who do you go to? Some company that has been reviewed by other companies stating that they do great service, or some random company that doesn't have any reviews at all, or worse, has less favorable reviews? Only reviews will tell (new) users of
What thing exactly? I'm curious.
Having the global flatpak setting Show unverified Flatpaks (not recommended) in Mint 22 is generally a step in the right direction. However, I would much prefer handling untrusted app vendors (like the Google Chrome flatpak vendor) differently.
How about changing the behavior to the following?
true
)false
if checked
If steps 3 and 4 are negations of each other because there is no such thing as "trusted flatpak app vendors", then I'd also be very happy with Untrusted Flatpak in red for any flatpak app.
This way of doing it is what I believe to be the more traditional and much more intuitive way. Coming from Windows, new users might struggle to find applications and aren't really aware that such a setting could even exist in the first place (as the Microsoft Store only shows trusted apps no matter what). And those coming from an older version of mintinstall may be surprised about the current/new behavior as well.
Edit: This is coincidentally exactly how Elementary OS does it. I didn't know that when I wrote this issue. But still, I think it's a much better solution.