I just installed Debian with the KDE desktop and I’m looking to see what kind of packages are available in the Discover store by default as they are not labeled i.e., Snaps/Flatpak. Should I install Flatpak? Thanks I don’t to break anything
I just installed Debian with the KDE desktop and I’m looking to see what kind of packages are available in the Discover store by default as they are not labeled i.e., Snaps/Flatpak. Should I install Flatpak? Thanks I don’t to break anything
Yeah true, but if you’re choosing Debian then I can see why there is caution about “unverified” flatpaks.
Ultimately if they’re not verified then you’re taking it on trust that they’ve been repackaged by a good actor and not a bad actor. We have no reason to believe there are malicious flatpaks are on flathub and verified only really meansnit was packaged by the originating project itself. But it is still a separate chain of packaging and security from the official one in a distro.
And Flathub doesnt need to be the repo used. Fedora for example created its own repo so it could verify its own flatpaks in the same way as its other system repos. Other distros do not seem to be following that path.
Personally I take the risk on flatpaks in the same way I will take risks on the opensuse OBS (or AUR in arch) - if i need/want the software and it’s not in the main repos for my distro I will generally take it off flathub rather than add an OBS source I dont know well. (If its small software I might build from source myself).