Can i trust Flathub?

RLFontan

Hey guys, what's up?

I see a lot of people talking bad stuff about Flathub security on the internet, so I'm here to ask what you guys think. Sometimes i found some application on Flathub i want to use, but i always give because of these stuffs.

Ty!

kyrios

RLFontan Who ? Sources ?

dbarron

To me, those sort of packaging strategies (snaps, flathub, etc) are only for things not available as native packaging. I have no direct experience with Flathub, but the fact that it allows decentralization, means potentially many more fingers to point as regards security. My advise would be to be properly skeptical. I know this methodology is a good thing with regards to more applications being available in Linux, and certainly not worse than the windows zip we used to download and install from all over the internet, but it still scares me a little.

RLFontan

kyrios

Same guys on this group:
https://t.me/linux_group

Tobias, that is on that group, and in Fedora group is one of the people who criticize. Tobias even said that one reason to the fact that Fedora is implementing their own Flatpak repository instead of Flathub, is to try to solve security problems... but personally idk, i just try to hear what the IT guys say... but sometimes the IT guys says a lot of different things.

JoshStrobl

"Some random person on the Internet" - Did they provide any evidence? A link to a Fedora blog post or wiki page highlighting the issues with it?

RLFontan

JoshStrobl No, they don't! He only said something like the libraries inside those Flatpaks are outdated or something. I mean, Telegram discussions can be really quick, much more like instructions on alone phrases than really discussions... as i am a newbie searching some quick information, sometimes i just accept it in good faith.

There is also that Flatkill thing, but i think even some of the guys who criticize don't care very much about this flatkill website anyomore.

KronikPillow

Well I dunno, that Snap/Flatpak paranoia is ridiculous to me .. Snap/Flatpak to me, is similar to the Arch AUR, I'v been a long time Arch user and I have installed tons of stuff from the AUR and never had problems with it ... never used Flatpak or Snap tbh, but at least, on Flatpak and Snaps, there is some evaluation, security checks, etc, on the AUR there is none, yet people aren't paranoid about it