133

Dont install random stuff to your system guys (lemmy.kde.social)

submitted 5 months ago by rollingflower@lemmy.kde.social to c/linuxmemes@lemmy.world

63 comments fedilink hide all child comments

flatpak remote-add flathub-verified --subset=verified https://dl.flathub.org/repo/flathub.flatpakrepo

you are viewing a single comment's thread
view the rest of the comments

[-] Skyflare@discuss.tchncs.de 4 points 5 months ago

All you need to verify an AUR package is to read the PKGBUILD file, which is something the AUR keeps on encouraging you to do (this assumes that you trust the upstream repo, which is something that even official packagers of most distros do)

Also a lot of flatpak packages aren't sand boxed enough to be safe and only ends up giving false sense of security to nontechnical users

Your last point is extremely important though, AUR is horrible for nontechnical users (which is why the AUR discourages AUR helpers)

[-] rollingflower@lemmy.kde.social 2 points 5 months ago

Okay having an easily readable build file is a bit missing. Flathub hides that a lot.

I think their rating system, which is on the website and also GNOME Software, displays apps with home access as insecure.

And somehow this seems to be general knowledge and an issue about a privilege escalation through a local override was just closed. Yay

this post was submitted on 08 Apr 2024

133 points (83.4% liked)

linuxmemes

20707 readers

1702 users here now

I use Arch btw

Sister communities:

LemmyMemes: Memes
LemmyShitpost: Anything and everything goes.
RISA: Star Trek memes and shitposts

Community rules

Follow the site-wide rules and code of conduct
Be civil
Post Linux-related content
No recent reposts

Please report posts and comments that break these rules!

founded 1 year ago

MODERATORS

poopsmith@lemmy.world

zephyr@lemmy.world