> Flatpak and Flathub terrify me

I thought Flathub has a review and approval process. Does it fall short in some fundamental way?

Any review process is more than the AUR and NPM are doing.

Flathub only reviews the manifest.

If your manifest is covertly injecting malware into the build, it could be easily missed. Consider that some of the manifests are simply downloading deb packages and unzipping them.
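
As an added illustration of the manifest-only review point above (not part of the thread and not Flathub's own tooling), this Python script walks a flatpak-builder JSON manifest and flags sources whose contents the manifest text cannot vouch for: repackaged prebuilt binaries, `extra-data`, downloads without a checksum, and unpinned git refs. The `BINARY_EXT` list, the function name and the sample manifest are assumptions constructed for the example.

```python
import json

BINARY_EXT = (".deb", ".rpm", ".appimage")  # assumed list of prebuilt formats

def audit_modules(modules, findings=None):
    """Collect (module, finding) pairs that reading the manifest alone cannot clear."""
    findings = [] if findings is None else findings
    for mod in modules:
        if not isinstance(mod, dict):  # a string entry points at another manifest file
            findings.append((str(mod), "module defined in a separate file"))
            continue
        name = mod.get("name", "?")
        for src in mod.get("sources", []):
            if not isinstance(src, dict):
                continue
            kind, url = src.get("type"), src.get("url", "")
            if kind == "extra-data":
                findings.append((name, "extra-data is downloaded at install time"))
            if url.lower().endswith(BINARY_EXT):
                findings.append((name, "repackages a prebuilt binary: " + url))
            if kind in ("archive", "file") and url and not (
                    src.get("sha256") or src.get("sha512")):
                findings.append((name, "download has no checksum"))
            if kind == "git" and not src.get("commit"):
                findings.append((name, "git source is not pinned to a commit"))
        audit_modules(mod.get("modules", []), findings)  # nested modules
    return findings

# Constructed sample manifest; app id, module names and URLs are placeholders.
SAMPLE = json.loads("""{
  "app-id": "org.example.Demo",
  "modules": [
    {"name": "vendor-blob", "buildsystem": "simple",
     "build-commands": ["ar x app.deb", "tar xf data.tar.xz"],
     "sources": [{"type": "file", "sha256": "<placeholder>",
                  "url": "https://example.invalid/app_1.0_amd64.deb"}]},
    {"name": "libdemo", "buildsystem": "meson",
     "sources": [{"type": "git", "branch": "main",
                  "url": "https://example.invalid/libdemo.git"}]}
  ]}""")

if __name__ == "__main__":
    for module, finding in audit_modules(SAMPLE["modules"]):
        print(f"{module}: {finding}")
```

The `vendor-blob` module is flagged even though it carries a checksum: the hash pins which bytes are downloaded, but a reviewer reading only the manifest still learns nothing about what is inside the package.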