Flatpak application security is literally opt-in and it's essentially designed around just giving access to everything and opportunistically eliminating it. Applications choose if they want to do things in a way that respects privacy and user consent or just use the old approach.
Conversation
So, from the start, most of these technologies are disposable ones designed in a way that they need to be replaced. There's a weak attempt at making something incrementally better with the expectation that everyone puts in massive effort to migrate just for it to be replaced.
1
1
1
Anything using D-Bus which is most of this technology stack is dead on arrival since that's such an awful dead end approach. It was totally rejected for inclusion in the kernel which they needed to make it somewhat less bad. It's a massive security issue as it exists right now.
1
2
2
I have to deal with these things on my workstation and on servers. It's not fun. I mostly live in a terminal but this stuff creeps onto my system and I find the entire thing laughable. I don't know what they're trying to accomplish. It's like watching toddlers make an app system.
1
1
1
It's worse than toddlers. Children experiment and learn from it. The freedesktop people don't learn anything, and most of them are actually getting a paycheck to produce all that crap.
1
1
My issue with Flatpak is largely that it's not actually a well-defined application sandbox but rather applications bring their own security policy which is just not workable. It also repeats many of the things that are clearly mistakes. Should learn lessons from iOS / Android.
1
1
Having apps define their own security policy is terrible, but separately from that, coarse permissions for bulk data access are a bad model to encourage. Android has had to spend year after year making substantial privacy/security improvements many of them backwards incompatible.
1
1
And they are not even trying to provide parity with the awful way that things started out. It's so much harder to make things right after the fact like Android trying to do away with coarse permissions for shared storage which is effectively now delayed by a year until Android R.
1
There are so many lessons to learn from the failures and years of corrections in these mobile platforms with actual app sandboxes but they are seemingly not even capable of providing a real app sandbox that's meaningful. I don't understand how it can possibly be so bad.
1
1
I have major doubts / issues with so much of it like the approach taken for Wayland and that new ecosystem, of essentially not trying to solve the problems and leaving it up to a fragmented ecosystem to provide a myriad of broken solutions. I can't see how it makes sense.
1
2
Each window manager ending up responsible for implementing a very basic features and tons of security policy, etc. because the buck has been passed from the people working on the infrastructure. The barrier to making a window manager is now very high and they are screwing up.
I use i3 right now. The successor to that for Wayland is supposed to be Sway but it ends up needing to deal with so much other nonsense and security policies, that it is screwing up, because it's clearly not their area of expertise. It's going to be some insane fragmentation too.
1
2
I would have expected to be using Wayland by now especially since it's a requirement for a workable universal application sandbox. It's just part of that though. There's so much more that has to do done and having each WM deal with it (they'll often just pass on security) sucks.