I don't believe the technical details are as significant as the systemtic change to the boundaries of trusted software maintainers. Consider this comment, which appears to be the core justification: Michael Catanzaro wrote: > > Flatpaks already take precedence over RPMs, and there are no plans to > change this for the reasons I mentioned in my previous mail regarding > sandboxing, which is more important than other considerations. A sandboxed trojan application is still capable of damaging the user's security, even if it can't damage the system's security. To illustrate the difference, a subverted browser can share all credit card details seen (user's security compromised), but removing that software removes the subversion (system security not compromised) A preference order of Fedora Flatpak > GNOME Flatpak > Fedora RPM makes user's security of graphical applications reliant upon a wider set of trusted software maintainers than Fedora Flatpak > Fedora RPM > GNOME Flatpak Essentially, for graphical applications the change makes Fedora trust and security processes approach the minimum of of Fedora trust and security processes and GNOME trust and security processes. That's change to the security stance of the distribution which requires explicit discussion prior to accepting the change. -glen _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
