> > Can you elaborate? What security issues?
> > Could installing runtime X subvert runtime Y used by other apps, e.g.
> > by claiming that X is an update for Y? In that case I'd expect that
> > GPG keys have to match, or something like that.
>
> Yeah, the app requires the runtime X which is not installed and adds a
> remote to install it, but the remote could also contain a malicious
> version of the runtime Y which is already installed and used by other
> apps, and the malicious version overrides it as an update. Then other
> apps get infected.
> I think all that matters are runtime ID and version, AFAIK GPG only
> checks if the runtime comes from the remote it claims it does.
> Yes, there could be a safety catch that would prevent updating the
> runtime from a different remote than the original one.

I think this is quite essential to have. It would allow automatic
runtime installation without any questions asked, which is something I
expected (or at least hoped for) from Flatpak.

I want to download a file and double click on it. I don't want to decide
whether remote X needed for runtime Y is trustworthy or not. The user
should not even know what a runtime is, it should be completely
transparent :)

I'm no security expert but in my naive world it shouldn't be too hard to
make sure that remotes can't supply updates for runtimes from other
remotes, using digital signatures.

_______________________________________________
desktop mailing list -- desktop@xxxxxxxxxxxxxxxxxxxxxxx
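The "safety catch" discussed in this thread, sketched as an added example (a toy model, not code from the thread and not Flatpak's own code or API). The function, remote names, refs and commit labels are all constructed for illustration, and every offer is assumed to carry a valid signature from the remote that serves it.

```python
from typing import NamedTuple

class Offer(NamedTuple):
    ref: str     # runtime ID and branch
    remote: str  # remote whose key signed this commit (signature assumed valid)
    commit: str  # constructed commit label

def plan(installed, offers, wanted, pin_origin):
    """Return (accepted, rejected) offers.

    installed:  {ref: (origin_remote, commit)}
    wanted:     refs required by the app being installed
    pin_origin: if True, an installed ref is only updated from its origin.
    """
    accepted, rejected = [], []
    for offer in offers:
        current = installed.get(offer.ref)
        if current is None:
            # Not installed yet: take it only if the app asked for it.
            (accepted if offer.ref in wanted else rejected).append(offer)
            continue
        origin, commit = current
        if offer.commit == commit:
            continue  # already up to date, nothing to decide
        if pin_origin and offer.remote != origin:
            rejected.append(offer)  # cross-remote update of an installed ref
        else:
            accepted.append(offer)
    return accepted, rejected

# Constructed sample state: runtime Y came from "trusted"; the new app's
# bundle added "appvendor", which serves X and also a ref named like Y.
RUNTIME_X = "runtime/org.example.X/x86_64/1.0"
RUNTIME_Y = "runtime/org.example.Y/x86_64/1.0"
INSTALLED = {RUNTIME_Y: ("trusted", "y-100")}
OFFERS = [
    Offer(RUNTIME_X, "appvendor", "x-001"),
    Offer(RUNTIME_Y, "appvendor", "y-999"),  # same ID, different remote
    Offer(RUNTIME_Y, "trusted", "y-101"),    # genuine update from origin
]

if __name__ == "__main__":
    for pin in (False, True):
        ok, bad = plan(INSTALLED, OFFERS, {RUNTIME_X}, pin_origin=pin)
        print(f"pin_origin={pin}")
        for o in ok:
            print("  accept", o.ref, "from", o.remote)
        for o in bad:
            print("  reject", o.ref, "from", o.remote)
```

Without pinning, the ref served by "appvendor" under runtime Y's ID is accepted as an update. With pinning it is rejected, while runtime X and the update from Y's origin still install without a prompt.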