Linux dev quits after "personal attacks" from user over Kapitano antivirus tool (www.neowin.net)

submitted 4 months ago by BrikoX@lemmy.zip to c/opensource@programming.dev

9 comments fedilink hide all child comments

Kapitano, a fast-rising Linux antivirus tool has been discontinued after its creator shut it down, citing "harsh words" from a user.

you are viewing a single comment's thread
view the rest of the comments

[+] ISO@lemmy.zip -10 points 4 months ago

Can Flatpak itself be sunset with some bullying?

[-] Ghoelian@lemmy.dbzer0.com 9 points 4 months ago

...why?

[-] ISO@lemmy.zip -3 points 4 months ago

Just the common "hate" talking points.

Because it's more inconvenience than help for users who are average or above, and have no interest in using that technology.

If app developers start distributing binaries as flatpaks exclusively (examples of this already exist), then just extracting those binary packages alone is a chore (involving obscure(ish) steps starting with creating an empty ostree). It's the kind of knowledge that is so useless you immediately erase it from your memory, which is what I did.

Also, one look at the dependency tree of flatpak, or even just ostree, and you quickly realize how much of a joke the "security" claims are with all that attack surface (think the xz in systemd drama and multiply it by a 100).

[-] FizzyOrange@programming.dev 8 points 4 months ago

Because it’s more inconvenience than help for users who are average or above

Shouldn't be a problem for you then right? 😄

[-] ISO@lemmy.zip 1 points 4 months ago

This is such a excellent unexpected original comeback, I will give you a chance to do another one.

How to extract the content of a flatpak

Which is something you presumably want to do because you don't want to use flatpak/ostree.

The first step of course, is to install ostree. 🤨

Then, via this very official method:

ostree init --repo=repo --mode=bare-user
ostree static-delta apply-offline --repo=repo some.flatpak
ostree checkout --repo=repo -U $(basename $(echo repo/objects/*/*.commit | cut -d/ -f3- --output-delimiter= ) .commit) outdir

This official solution looks very reliable.

The impenetrable building blocks

Searching vulnerability databases will obviously prove futile. Like the below sample entries (search limited to CVSS>=9.0 and Age<90d)

[CVE-2025-7458] Critical - SQLite - Integer Overflow
  ↳ Priority: MEDIUM | No exploits | Vuln Age: 15d (RECENT)
  ↳ CVSS: 9.1 | EPSS: 0.0003 | KEV: ✘
  ↳ Exposure: 12 | Vendors: sqlite | Products: sqlite
  ↳ Patch: ✔ | POCs: ✘ | Nuclei Template: ✘ | HackerOne: ✘
─────────────────────────────────────────────────────────────────────────
  
[CVE-2025-6965] Critical - SQLite - Buffer Overflow
  ↳ Priority: HIGH | EXPLOITS AVAILABLE | Vuln Age: 29d (RECENT)
  ↳ CVSS: 9.8 | EPSS: 0.0005 | KEV: ✘
  ↳ Exposure: 13 | Vendors: sqlite | Products: sqlite
  ↳ Patch: ✔ | POCs: 1 | Nuclei Template: ✘ | HackerOne: ✘
─────────────────────────────────────────────────────────────────────────

  
[CVE-2025-49796] Critical - libxml2 - Denial of Service
  ↳ Priority: MEDIUM | No exploits | Vuln Age: 57d
  ↳ CVSS: 9.1 | EPSS: 0.0013 | KEV: ✘
  ↳ Patch: ✘ | POCs: ✘ | Nuclei Template: ✘ | HackerOne: ✘
─────────────────────────────────────────────────────────────────────────

[CVE-2025-49794] Critical - libxml2 - Use After Free
  ↳ Priority: MEDIUM | No exploits | Vuln Age: 57d
  ↳ CVSS: 9.1 | EPSS: 0.0013 | KEV: ✘
  ↳ Patch: ✘ | POCs: ✘ | Nuclei Template: ✘ | HackerOne: ✘
─────────────────────────────────────────────────────────────────────────

[CVE-2025-4517] Critical - Python tarfile - Path Traversal
  ↳ Priority: MEDIUM | No exploits | Vuln Age: 71d
  ↳ CVSS: 9.4 | EPSS: 0.0015 | KEV: ✘
  ↳ Patch: ✘ | POCs: ✘ | Nuclei Template: ✘ | HackerOne: ✘

─────────────────────────────────────────────────────────────────────────

libxml2 and sqlite are in the dependency tree of ostree itself of course. But really, nothing to see here.

this post was submitted on 12 Aug 2025

43 points (86.4% liked)

Opensource

4576 readers

267 users here now

A community for discussion about open source software! Ask questions, share knowledge, share news, or post interesting stuff related to it!

Credits

Icon base by Lorc under CC BY 3.0 with modifications to add a gradient

⠀

founded 2 years ago

MODERATORS

pylapp@programming.dev