
Flatpak makes it very hard to see who packages what. There are apps that look official, but are built in third-party repositories.

With distribution packages, there's a bigger barrier to entry, which is at least better at keeping sneaky malware from easily creeping in.



For one thing, barrier to entry is not a security feature. Malware has made its way into paid app stores.

I think someone running Linux wants low barrier to entry as a reason to use the system. They want a system built by communities and not by corporations with walled garden toll booth business models.

But this point is extremely weak either way when you compare to the Windows barrier to entry which is effectively zero. Or you can compare flatpak to Mac users installing software with Homebrew.

I think if you look at flathub there are very good explanations on each piece of software regarding whether the author is verified, what the license and code availability status of the package is, and which permissions are being used when installed. It seems to use relatively strong language to describe permissions features as potentially unsafe.


But it's used to create the illusion that Linux can be used by typing handymen.


Flathub is VERY transparent about which packages are not verified, and unlike system packages they come with sandboxing which, if correctly configured (also transparently displayed), can mitigate malicious access.
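The two comments above point at the same thing a defender can check locally: the permissions a Flatpak declares in its `[Context]` and bus-policy sections, which is what `flatpak info --show-permissions <app-id>` prints and what Flathub's "potentially unsafe" labels are derived from. The following is an added example, not code from the thread, Flatpak or Flathub: it parses a constructed sample of that metadata and flags the entries that effectively weaken the sandbox (host file system access, X11, unrestricted bus sockets, all devices, and `talk`/`own` on `org.freedesktop.Flatpak`, which lets an app run commands outside the sandbox). The `RISK`-style rules are this example's own approximation of Flathub's warnings, not Flathub's logic.

```python
"""Flag sandbox-weakening Flatpak permissions from metadata text.

Added example. The input layout (INI-like sections, ';'-separated values,
optional ':ro'/':create' suffixes on filesystem entries) matches what
`flatpak info --show-permissions` prints; the risk rules below are an
approximation of Flathub's "potentially unsafe" labels, not Flathub's code.
"""
from typing import Dict, List

# Constructed sample resembling `flatpak info --show-permissions <app-id>`
SAMPLE_PERMISSIONS = """\
[Context]
shared=network;ipc;
sockets=x11;wayland;pulseaudio;
devices=dri;
filesystem=host;xdg-download;

[Session Bus Policy]
org.freedesktop.Flatpak=talk
"""


def parse_permissions(text: str) -> Dict[str, Dict[str, List[str]]]:
    """Return {section: {key: [values]}}; values are split on ';'."""
    sections: Dict[str, Dict[str, List[str]]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            sections.setdefault(current, {})
            continue
        if current is None or "=" not in line:
            continue
        key, value = line.split("=", 1)
        # Trailing ';' yields an empty element, so drop empties.
        sections[current][key.strip()] = [v for v in value.split(";") if v]
    return sections


def assess(perms: Dict[str, Dict[str, List[str]]]) -> List[str]:
    """Return human-readable findings for permissions that weaken the sandbox."""
    findings: List[str] = []
    ctx = perms.get("Context", {})

    # filesystem entries may carry ':ro' or ':create'; 'host:ro' still reads everything.
    fs_roots = [v.split(":")[0] for v in ctx.get("filesystem", [])]
    if any(root in ("host", "host-os", "host-etc") for root in fs_roots):
        findings.append("filesystem: full host file system access")
    elif "home" in fs_roots:
        findings.append("filesystem: full home directory access")

    sockets = ctx.get("sockets", [])
    if "x11" in sockets:
        findings.append("sockets: X11 (no isolation between X11 clients)")
    for bus in ("session-bus", "system-bus"):
        if bus in sockets:
            findings.append(f"sockets: unrestricted {bus} access")

    if "all" in ctx.get("devices", []):
        findings.append("devices: access to all devices")

    # talk/own on the Flatpak portal name allows spawning processes on the host.
    for section in ("Session Bus Policy", "System Bus Policy"):
        for name, vals in perms.get(section, {}).items():
            if name.startswith("org.freedesktop.Flatpak") and vals and vals[0] in ("talk", "own"):
                findings.append(
                    f"{section}: {name}={vals[0]} (can run commands outside the sandbox)"
                )
    return findings


if __name__ == "__main__":
    # Replace SAMPLE_PERMISSIONS with the real output of
    #   flatpak info --show-permissions <app-id>
    # to audit an installed app.
    for finding in assess(parse_permissions(SAMPLE_PERMISSIONS)):
        print("potentially unsafe:", finding)
```

On the constructed sample this reports the host file system access, the X11 socket and the `org.freedesktop.Flatpak=talk` policy; `wayland`, `pulseaudio`, `dri` and the `xdg-download` directory are left unflagged because they do not by themselves give the app a way out of the sandbox.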





