Not for the average/casual user, which is why this post exists.
The average person will look at that and see the ‘!’ in a triangle and became scared of what it can do to their system, even though it has no more permissions than a system package. Alternatively, they will become desensitized and learn to ignore it, resulting in installing flatpacks from untrusted and unverified sources.
Overall, I just think the idea around having to sandbox all flatpaks is not a good idea. To give a concrete example, Librewolf is marked as “potentially unsafe” because it has access to the download folder, but if I want to use it to open a file that isn’t in “downloads” I have to use flatseal to give it extra permissions - it’s the worst of both worlds! Trying so hard to comply with flatpak guidelines that it gets in the way of doing things, and still not being considered safe enough.
but if I want to use it to open a file that isn’t in “downloads” I have to use flatseal to give it extra permissions
There has been a portal to prevent this issue for years now. The fix isn’t to patch around issues in Flatseal, it’s for developers or Flatpak packagers to fix their security policies and code.
As an added benefit, KDE users get thumbnails in their file picker because they’re no longer stuck with the old GTK one but instead can use their native file picker portal. A win for everyone!
I don’t know about this in depth, but from what another user in this thread said, a flatpak can’t ask a portal to have access to two files at once. If I’m understanding correctly, that would explain why Librewolf needs permission to access ~/Downloads, since it can be downloading more than one file at once, and it needs access to all those files in ~/Downloads at the same time.
EDIT: I got a bit mixed up with what you were saying, but nevertheless, if this is true, then Librewofl would still need permission to access ~/Downloads and so be marked as “potentially unsafe”.
Librewolf would need to ask permission to a folder (for the standard downloads folder for instance) or it would need to show two save prompts when downloading two files (isn’t that what it does already?)
The “two files” thing only applies to applications that ask access for one file (say, an mp4) and also want a second file in that same directory (say, a matching .srt). That can be worked around by selecting multiple files in the file picker, but that does pose for an annoying restriction. I don’t see how a browser would be affected by this, though, as browsers don’t tend to also send secondary files when you upload something.
I get what you mean. When updating Linux mint, the “This needs to get some additional packages too” window, relatively benign, has a big scary ⚠️/ /!\ on it.
Felt the need to explain to the person I was installing it for. “That’s totally normal, just look it over first and continue.”
…like, it’s gonna do that almost every time it updates, it doesn’t need to look scary. :|
Not for the average/casual user, which is why this post exists.
The average person will look at that and see the ‘!’ in a triangle and became scared of what it can do to their system, even though it has no more permissions than a system package. Alternatively, they will become desensitized and learn to ignore it, resulting in installing flatpacks from untrusted and unverified sources.
Overall, I just think the idea around having to sandbox all flatpaks is not a good idea. To give a concrete example, Librewolf is marked as “potentially unsafe” because it has access to the download folder, but if I want to use it to open a file that isn’t in “downloads” I have to use flatseal to give it extra permissions - it’s the worst of both worlds! Trying so hard to comply with flatpak guidelines that it gets in the way of doing things, and still not being considered safe enough.
There has been a portal to prevent this issue for years now. The fix isn’t to patch around issues in Flatseal, it’s for developers or Flatpak packagers to fix their security policies and code.
As an added benefit, KDE users get thumbnails in their file picker because they’re no longer stuck with the old GTK one but instead can use their native file picker portal. A win for everyone!
I don’t know about this in depth, but from what another user in this thread said, a flatpak can’t ask a portal to have access to two files at once. If I’m understanding correctly, that would explain why Librewolf needs permission to access ~/Downloads, since it can be downloading more than one file at once, and it needs access to all those files in ~/Downloads at the same time.
EDIT: I got a bit mixed up with what you were saying, but nevertheless, if this is true, then Librewofl would still need permission to access ~/Downloads and so be marked as “potentially unsafe”.
Librewolf would need to ask permission to a folder (for the standard downloads folder for instance) or it would need to show two save prompts when downloading two files (isn’t that what it does already?)
The “two files” thing only applies to applications that ask access for one file (say, an mp4) and also want a second file in that same directory (say, a matching .srt). That can be worked around by selecting multiple files in the file picker, but that does pose for an annoying restriction. I don’t see how a browser would be affected by this, though, as browsers don’t tend to also send secondary files when you upload something.
Ah, thank you for the explanation, I think I get it.
You shouldn’t use Android then. It is way worse
I get what you mean. When updating Linux mint, the “This needs to get some additional packages too” window, relatively benign, has a big scary ⚠️/
/!\on it.Felt the need to explain to the person I was installing it for. “That’s totally normal, just look it over first and continue.”
…like, it’s gonna do that almost every time it updates, it doesn’t need to look scary. :|