this post was submitted on 16 Jun 2024
50 points (100.0% liked)

Free and Open Source Software

18021 readers
6 users here now

If it's free and open source and it's also software, it can be discussed here. Subcommunity of Technology.


This community's icon was made by Aaron Schneider, under the CC-BY-NC-SA 4.0 license.

founded 2 years ago
MODERATORS
 

How is it possible, that Signal still only provides a .deb package and no .rpm, or even better AppImage or Flatpak? There is an unofficial Flatpak but is it secure?

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 9 points 6 months ago (3 children)

Personally I don’t understand the large warnings on flatpaks built by others, by that logic you should get a warning sign each time you download from the Ubuntu community apt repository.

OSS is built out of love, and to me this warns guilty before proven innocent.

[–] [email protected] 9 points 6 months ago

Well I think you have to distinguish between a messenger and other programms, because a messenger has a lot of sensitive data.

[–] [email protected] 6 points 6 months ago* (last edited 6 months ago)

Just because something is built out of love does not make it safe, and attestation is about safety. You wouldn't trust an un-attested surgical device, just because there's a really positive community around its design.

Signal is a life-or-death app for some people.

[–] [email protected] 2 points 6 months ago (1 children)
[–] [email protected] 1 points 6 months ago

The 'appstore' of some distributions, e.g. Linux Mint, displays a warning or hint for unofficial flatpaks. In Mint the display of unofficial flatpaks are toggled off by default and there is a warning or recommendation displayed against toggling on.