On 07/15/2017 01:43 PM, Matthew Miller wrote:
> On Fri, Jul 14, 2017 at 02:56:34PM -0700, Andrew Lutomirski wrote:
>> This is only a problem because Flatpak is currently following the IMO rather busted old Android model. With very few, if any, exceptions, I think a much better model would be for an application to start with basically no permissions and to have to ask for fine-grained permissions as needed. Think iOS but tighter. By default, an app shouldn't be able to use the network, see what other applications are installed, or get your unique advertising ID without explicit consent, let alone access your dotfiles.
>
> I don't agree. With this model, every time you try to do something, you're bombarded with questions asking if you want to do the thing you tried to do. It gets very easy to fall into a default of clicking a bunch of yesses all the time. That serves no *real* security benefit and yet adds to user annoyance. There's gotta be a better way than that.

That depends whether the process Andrew described happens every time you run the app, or only when the packager prepares a Flatpak, in which case the annoying questions are asked of the knowledgeable packager, and only once. Of course this assumes that it's practical to do a complete run-through of all the different code paths, which may be questionable for large apps.