Re: F35 Change: Filtered Flathub Applications (System-Wide Change proposal)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Wed, Jun 30, 2021 at 9:26 AM Vitaly Zaitsev via devel
<devel@xxxxxxxxxxxxxxxxxxxxxxx> wrote:
>
> On 30/06/2021 14:44, Owen Taylor wrote:
> > Setting up an independent non-profit, and maintaining it's non-profit
> > status is a quite involved activity. (details depend on the country,
> > of course!)
>
> If Flathub want to be a trustworthy repository, it should be done.
>
> > Hopefully this
> > provides some assurance that Flathub won't suddenly start doing
> > something entirely different.
>
> No, it doesn't. FreeNode situation is an example.

While the GNOME Foundation could license or transfer the Flathub name
to a commercial entity if it determined it was in the public's best
interest, so could a hypothetical Flathub Foundation. In the end,
Fedora doesn't have a lot of leverage to demand that the Flathub
community organize itself as an independent non-profit! That being
said, if we get some Flathub maintainers to come to the FESCO meeting,
I'm sure they would be happy to answer questions about how Flathub is
run and decisions are made.

> > If we lost trust in Flathub, Fedora would also have the ability to
> > update the filter to have *no* applications in it.
>
> Every application with --filesystem=host or --filesystem=home can drop
> all filters, enable new repositories, etc.

There's a distinction to be made between dubious behavior (inserting
ads in applications, say) and out-and-out malware. My comment was
aimed at the former - different things would need to be done in the
latter case. I don't see any reason to expect Flathub to be knowingly
engaging in either. We currently offer various third-party RPM
repositories where the packages run without any sandboxing at all.

> > Flathub is a packaging community, like Fedora. Being a professional is
> > definitely not a criteria for contributing to Fedora.
>
> All Fedora packagers must be sponsored first and they know at least
> Fedora packaging guidelines. On Flathub anyone can add anything.
>
> > This is something that definitely can be and will be examined when
> > reviewing applications for inclusion in the Fedora filter.
>
> This is not a panacea. Some Flathub maintainers added --filesystem=host
> or --filesystem=home after the initial review.

I would imagine that when it happens, it's typically not because the
maintainer is trying to sneak something over on their users (and users
will get prompted on upgrade), but because it turned out there were
issues with the more restrictive permissions.

The main point of sandboxing is not to protect the users against the
Flathub maintainers, or the app authors. It's to protect the users
from malicious actors exploiting vulnerabilities in the application.
By checking that the application has reasonable permissions at review
time, we can get some idea of whether the Flathub maintainer knows how
to use permissions, but yes, we are delegating some trust to Flathub
here in the case where this changes.

The Flatpak and Flathub communities would definitely appreciate help
in figuring out how to nudge Flatpak packagers and application authors
towards more restrictive permissions.

- Owen
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure




[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Users]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]

  Powered by Linux