• thingsiplay@beehaw.org
    link
    fedilink
    arrow-up
    1
    ·
    7 months ago

    The Flathub security rating is useful but too cautious (so many “false alarms” that people ignore it). It is completely independent from the verification though.

    Mixing these up makes no sense.

    That’s right, but I had a point there. My point is, that even verified applications can be marked as insecure on Flathub. That means, unverified applications can be secure based on the standards the Flathub sets. This was my point that its independent and why the verification of source has nothing to do with security. If Linux Mint does hide unverified apps, because it thinks these are unsecure, then it should hide all the applications that are marked as a potential unsecure app; just like the unverified apps are potentially unsecure (just like any other verified app).

    Hopefully this was not too confusing to read.

    • boredsquirrel@slrpnk.net
      link
      fedilink
      arrow-up
      1
      ·
      7 months ago

      Yes, verification is very different from the security rating.

      Poorly you can sort by subsets but not by the security rating.

      There are legacy apps that are always insecure with huge static filesystem permissions AND they are sometimes not well maintained i.e. they dont support the Flatpak.