this post was submitted on 02 Jun 2025
158 points (97.0% liked)

Linux
[–] [email protected] 8 points 6 days ago (1 children)

that they would disclose on their website

Wouldn't it make more sense then for them to simply host the Flatpak themselves? I kind of thought that was the whole idea of Flatpak.

[–] [email protected] 7 points 6 days ago

Best to do both, really, so a record of using a consistent public key is created.

Then supply chain attacks might be noticed. If someone manages to replace the file on the webserver but can't get to the signing key, you've prevented the attack.