Linux

45479 readers

1422 users here now

From Wikipedia, the free encyclopedia

Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).

Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.

Rules

Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.
No misinformation
No NSFW content
No hate speech, bigotry, etc

Related Communities

Community icon by Alpár-Etele Méder, licensed under CC BY 3.0

founded 5 years ago

MODERATORS

[email protected]

173

Inkscape Flatpak is looking for a maintainer! (github.com)

submitted 1 week ago by [email protected] to c/[email protected]

76 comments fedilink hide all child comments

The Flatpak is already packaged and works well. It just needs to be maintained from a person that joins the Inkscape community.

This would allow further improvements like Portal support and making the app official on Flathub.

you are viewing a single comment's thread
view the rest of the comments

[–] [email protected] 7 points 6 days ago (2 children)

Wait till you learn that your flatpak client doesn't verify anything it downloads

[–] [email protected] 3 points 6 days ago* (last edited 5 days ago) (1 children)

*'til

But the lack of verification and validation is a huge risk to flatpaks. As someone formerly involved with securing OSes, this kind of thing was scary back then and doubly scary since it entered its "don't confirm; just get in, loser" phase.

[–] [email protected] 0 points 6 days ago (1 children)

😱 so I guess install via appimage?? Package manager? 🤷 🤯 brain malfunction. Im thinking don't download or install until you verify the download with a hash and hopefully signature if they exist 🤷 use fedora? Which has better security? 🤷🤯

[–] [email protected] 2 points 5 days ago

Many developers sign their AppImages, but its up to you to verify it

[–] [email protected] 1 points 6 days ago (1 children)

For checksums: https://github.com/flathub/flathub/issues/1498#issuecomment-649098123

Flatpak does verify the integrity of files as it is downloading/installing them. For ostree remotes this is done using GPG signatures (which are better than mere checksums). If you want to see the commit ID (which is like a checksum) for something on flathub use e.g. flatpak remote-info -c flathub org.gnome.Builder and for the local copy flatpak info -c org.gnome.Builder. For OCI remotes we at least check SHA256 sums and there might be more integrity verification mechanisms I'm unaware of.

But for signatures: https://github.com/flatpak/flatpak-builder/issues/435

[–] [email protected] 1 points 6 days ago* (last edited 6 days ago) (1 children)

Checksums are not for authenticity, and link me to the docs that indicates that ostree's optional encryption is enforced in flatpak

[–] [email protected] 1 points 6 days ago

I didn't say they were. Hence the second link.