Hacker Timesnew | past | comments | ask | show | jobs | submitlogin

So the solution is to have the package manager decide things for every user?


Yes, the point is to have the package manager set sane defaults for every user.

Say you distribute a video app. It is completely counterproductive to have every user click on a permission dialog "I allow this video app to open videos". This only trains users to blindly allow everything to make software, you know, work at all.

A much more sane approach would be to enable access to ~/videos and other reasonable places at install time and only ask for additional permission when needed.


Flatpak allows this, but requires changers to the application so that it calls the correct API's when requesting files outside of the allowed directories.

The article does highlight some actual issues, but the author implies that the solution is to simply not use it at all and go back to the free for all smörgåsbord of access rights that an application installed from the regular repositories have.

Personally, I consider Flatpak the best solution available right now time minimise the attack surface for anyone not willing yo go all the way and run Qubes OS. If there is a better alternative I'd be happy to hear it, since I cannot run Qubes one of my machines.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: