The Flatpak is already packaged and works well. It just needs to be maintained from a person that joins the Inkscape community.

This would allow further improvements like Portal support and making the app official on Flathub.

    • KomfortablesKissen@discuss.tchncs.de
      link
      fedilink
      arrow-up
      1
      ·
      5 months ago

      A matter of perspective I think. It’s a flaw in my opinion. Just downloading anything from anywhere sets one up for failure/malware.

      Code Signing on its own is useless, I think. If there is no distribution structure or user-validated trustchain, of course. But then you don’t really need Code Signing, a simple hash is enough.

      My personal preference are the distro repos, to a point where I even dislike additional package managers like pip, npm or cargo.

      • boredsquirrel@slrpnk.netOP
        link
        fedilink
        arrow-up
        2
        ·
        edit-2
        5 months ago

        Just downloading anything from anywhere sets one up for failure/malware.

        Reducing the size of the OS helps a ton here.

        And mounting home read-only. I think Android and ChromeOS do that. I will experiment with that too, it is really interesting. You mainly need a different place to store user scripts, and appimages are broken (how sad), the rest should be fine.

        Then a few more core concepts help too:

        • KISS (keep it stupid simple)
        • Unix philosophy (everything does one thing and stays transparent)
        • and the concept of least privilege (seccomp, MAC (mandatory access control, SELinux/Apparmor, sandboxes, jails, etc).

        Flatpak helps a ton centralizing the packaging efforts. And it works. There are tons of officially supported packages. And I guess many of them will be maintained upstream.

        But you still have a secure system, sandboxing, verification and packagers that keep an eye on it, kind of.

        On a secure system you would need to pay a lot of people, like the typical 3-5 people that package most apps. For doing security analyses, opting-in to every new update etc.

        • KomfortablesKissen@discuss.tchncs.de
          link
          fedilink
          arrow-up
          1
          ·
          5 months ago

          I’m sorry, I don’t think I can see the point you are making. Are you saying that one can get around the 3-5 people by using flatpaks, ro home directories and other mitigations?

          • boredsquirrel@slrpnk.netOP
            link
            fedilink
            arrow-up
            1
            ·
            5 months ago

            get around the 3-5 people

            What people?

            Nonexecutable home directories I mean. /tmp too. This only makes sense as normally programs are in different areas. I will experiment with that.