should i be worried installing these two? what does it mean though?
(these are captured from Pop! OS software manager)
a curse upon these distros for alarming people with such messages. they are meaningless and technically apply to every flatpak
They mean that the app has that permission. It is good that they let the user know the apps capabilities
Not for the average/casual user, which is why this post exists.
The average person will look at that and see the ‘!’ in a triangle and became scared of what it can do to their system, even though it has no more permissions than a system package. Alternatively, they will become desensitized and learn to ignore it, resulting in installing flatpacks from untrusted and unverified sources.
Overall, I just think the idea around having to sandbox all flatpaks is not a good idea. To give a concrete example, Librewolf is marked as “potentially unsafe” because it has access to the download folder, but if I want to use it to open a file that isn’t in “downloads” I have to use flatseal to give it extra permissions - it’s the worst of both worlds! Trying so hard to comply with flatpak guidelines that it gets in the way of doing things, and still not being considered safe enough.
but if I want to use it to open a file that isn’t in “downloads” I have to use flatseal to give it extra permissions
There has been a portal to prevent this issue for years now. The fix isn’t to patch around issues in Flatseal, it’s for developers or Flatpak packagers to fix their security policies and code.
As an added benefit, KDE users get thumbnails in their file picker because they’re no longer stuck with the old GTK one but instead can use their native file picker portal. A win for everyone!
I get what you mean. When updating Linux mint, the “This needs to get some additional packages too” window, relatively benign, has a big scary ⚠️/ /!\ on it.
Felt the need to explain to the person I was installing it for. “That’s totally normal, just look it over first and continue.”
…like, it’s gonna do that almost every time it updates, it doesn’t need to look scary. :|
I think they’re a move in the right direction.
Just looking at the weird scaremongering around Signal from the past few days ("a chat app stores keys as files that you can read) shows a trend that I’ve been seeing more the past years: people have gotten so used to the Android/iOS sandboxing system that they’ve either never been taught or have forgotten how normal programs work.
Flatpak and the necessary desktop portals are very much a work in progress when it comes to user friendliness, but they’re what the world has been moving towards for a while now.
I don’t know why a journaling app needs full system access and access to system settings, and the permission Flatseal requests is a dangerous one if you pay attention to these things. Looks like they’re doing their job to me.
I don’t know why a journaling app needs full system access and access to system settings, and the permission Flatseal requests is a dangerous one if you pay attention to these things. Looks like they’re doing their job to me.
Xournal seems pretty trustworthy to me, so I assume it’s for code simplicity (or age) or not being made with Flatpak in mind - just ‘open any file/full filesystem access’’ (for basic functions like opening files) and ‘change system settings’ for probably only a few features that change system settings.
I agree the permissions are dangerous and I commend Flatpak for incentivizing developers to use granular permissions.
As others (and you yourself have said), Flatseal’s entire purpose is to edit Flatpak lermissions, so that one shouldn’t be alarming.
