On Thu, 2016-06-16 at 14:07 -0400, Przemek Klosowski wrote:
I think that once the full sandboxing / portal system is in place,
> there _will_ be a tangible reason to prefer Flatpak.
Definitely true for third party packages that currenly require
pip/npm/rubygems/(curl | sh :), but you seem to be saying that
Flatpack will be preferable even when there's an existing Fedora
package. I think this needs to be well justified: security is a mixed
bag (RPMs can have sandboxing via SELinux and otherwise, and
containers/flatpacks complicate security updates), and other aspects
also seem to have balancing pros and cons.
You seems to think about a different "security" than what flatpak
provides. Say you run a game, packaged by fedora. Its nicely packaged
and reviewed, so you're not running unreviewed, unsigned scripts as
root to install it. This is traditional "unix security".
However, if the game talks to the network and has bug, it can still
easily be attacked and the resulting powned process has full access to
your ssh keys, your email containing private info, your gpg agent, etc,
etc.
A sandboxed app such as one using flatpak (and a game could be
sandboxed already using flatpak, as it doesn't need portals) would
never ever be able to access this, so even if powned it would not leak
the users data. (Obviously not counting holes in the sandbox due to
kernel bugs or whatever.)