Maybe we can start by filtering out the most outrageous applications: anything that uses --filesystem=home, --filesystem=host, or unfiltered session bus access. That still leaves plenty of possible sandbox holes, but it's better than nothing.
We could do this just in GNOME Software and KDE Discover for starters, but it'd probably be confusing for the software centers to show fewer apps than Flathub has available. So maybe would be better for the software centers to just present the apps as insecure, and try to convince Flathub to have them removed.
_______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue