On Wed, Jun 30, 2021 at 9:26 AM Vitaly Zaitsev via devel <devel@xxxxxxxxxxxxxxxxxxxxxxx> wrote:
>
> On 30/06/2021 14:44, Owen Taylor wrote:
> > Setting up an independent non-profit, and maintaining its non-profit
> > status is a quite involved activity. (details depend on the country,
> > of course!)
>
> If Flathub want to be a trustworthy repository, it should be done.
>
> > Hopefully this
> > provides some assurance that Flathub won't suddenly start doing
> > something entirely different.
>
> No, it doesn't. FreeNode situation is an example.

While the GNOME Foundation could license or transfer the Flathub name to a commercial entity if it determined it was in the public's best interest, so could a hypothetical Flathub Foundation.

In the end, Fedora doesn't have a lot of leverage to demand that the Flathub community organize itself as an independent non-profit!

That being said, if we get some Flathub maintainers to come to the FESCO meeting, I'm sure they would be happy to answer questions about how Flathub is run and decisions are made.

> > If we lost trust in Flathub, Fedora would also have the ability to
> > update the filter to have *no* applications in it.
>
> Every application with --filesystem=host or --filesystem=home can drop
> all filters, enable new repositories, etc.

There's a distinction to be made between dubious behavior (inserting ads in applications, say) and out-and-out malware. My comment was aimed at the former - different things would need to be done in the latter case.

I don't see any reason to expect Flathub to be knowingly engaging in either. We currently offer various third-party RPM repositories where the packages run without any sandboxing at all.

> > Flathub is a packaging community, like Fedora. Being a professional is
> > definitely not a criteria for contributing to Fedora.
>
> All Fedora packagers must be sponsored first and they know at least
> Fedora packaging guidelines. On Flathub anyone can add anything.
>
> > This is something that definitely can be and will be examined when
> > reviewing applications for inclusion in the Fedora filter.
>
> This is not a panacea. Some Flathub maintainers added --filesystem=host
> or --filesystem=home after the initial review.

I would imagine that when it happens, it's typically not because the maintainer is trying to sneak something over on their users (and users will get prompted on upgrade), but because it turned out there were issues with the more restrictive permissions.

The main point of sandboxing is not to protect the users against the Flathub maintainers, or the app authors. It's to protect the users from malicious actors exploiting vulnerabilities in the application. By checking that the application has reasonable permissions at review time, we can get some idea of whether the Flathub maintainer knows how to use permissions, but yes, we are delegating some trust to Flathub here in the case where this changes.

The Flatpak and Flathub communities would definitely appreciate help in figuring out how to nudge Flatpak packagers and application authors towards more restrictive permissions.

- Owen
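
The review-time check discussed in this thread, and the case where permissions change afterwards, can be monitored by diffing an app's metadata keyfile (as printed by `flatpak info --show-metadata`) against the copy saved at review. This is an added example, not part of the original message or of any Fedora or Flathub tooling; the app ID `org.example.App`, the sample metadata and the function names are constructed for illustration.

```python
import configparser

# Grants the thread singles out: with either, the app can reach the user's files.
BROAD = {"host", "home"}

def filesystems(metadata_text):
    """Return the set of filesystem grants in a Flatpak metadata keyfile."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.optionxform = str  # keyfile keys are case-sensitive
    cp.read_string(metadata_text)
    raw = cp.get("Context", "filesystems", fallback="")
    return {e.strip() for e in raw.split(";") if e.strip()}

def broad_grants(entries):
    """Names of broad grants; 'home:ro' counts, '!home' (a revocation) does not."""
    names = {e.split(":", 1)[0] for e in entries if not e.startswith("!")}
    return names & BROAD

def permission_drift(reviewed_text, current_text):
    """Compare metadata captured at review time with what is published now."""
    old, new = filesystems(reviewed_text), filesystems(current_text)
    return {
        "added": sorted(new - old),
        "removed": sorted(old - new),
        "newly_broad": sorted(broad_grants(new) - broad_grants(old)),
    }

# Constructed sample metadata for a hypothetical app, org.example.App.
REVIEWED = """[Application]
name=org.example.App

[Context]
shared=network;ipc;
filesystems=xdg-download;
"""
CURRENT = """[Application]
name=org.example.App

[Context]
shared=network;ipc;
filesystems=xdg-download;home:ro;
"""

if __name__ == "__main__":
    print(permission_drift(REVIEWED, CURRENT))
```

A non-empty `newly_broad` list is the signal to re-review the application before it stays in the filter.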