Achieving Secure Downloads with Flatpak: How Flatpak is Helping Linux Users Get the Best of Both Worlds
Flatpak is a popular Linux package format that has quickly become the go-to for many users, especially those who don’t use Debian-based distributions such as Ubuntu. It offers a low-friction way to install and maintain applications without worrying about versioning issues or compatibility between distros. Recently, Flathub opened up the ability for applications to be uploaded in binary form, which is essential for language-specific build systems such as Electron/Node, Rust and Go. However, this means users cannot scrutinise the source code of their application within the Flathub build system. To address this problem, many advocates of Flathub suggest running an antivirus scanner rather than asking why the source cannot be inspected before installation - an absurd premise indeed!
Fortunately there are better solutions than relying solely on antivirus scanners: building within a container using official tools, or packaging the build tools in distros and enforcing source availability and build reproducibility. NixOS is one example of how this can be achieved. It builds packages in a “hermetic” environment in which only inputs specified by hash can be used, including tools, source files and compilers; those inputs can themselves be packages, so the whole dependency graph forms a large Merkle tree. This approach enables excellent build reproducibility and caching of any step you want - the problems associated with conventional systems disappear!
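The hash-pinned, hermetic build model described above, as an added illustration that is not Nix’s or Guix’s own code: a toy derivation that refuses any input not pinned by hash, chains one derivation’s output hash into the next (the Merkle-tree property), and checks reproducibility by comparing output hashes across rebuilds. Every name here (Input, Derivation, pin, try_build, reproducible) and every sample input is constructed for the example; the real Nix derivation format differs.

```python
"""Toy model of hash-pinned (hermetic) build inputs and a reproducibility check.

Added illustration of the Nix/Guix idea described in the post; not their code.
All class and function names and the sample inputs are constructed.
"""
from __future__ import annotations

import hashlib
from dataclasses import dataclass


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


@dataclass(frozen=True)
class Input:
    """One build input (source file, compiler, build script, or the output of
    another derivation), identified by the hash of its content."""
    name: str
    content: bytes

    @property
    def digest(self) -> str:
        return sha256_hex(self.content)


@dataclass(frozen=True)
class Derivation:
    """A build recipe that pins every input by content hash (hypothetical
    model of a Nix-style derivation; the real format differs)."""
    name: str
    pinned: dict[str, str]  # input name -> expected sha256 hex digest

    def identity(self) -> str:
        # Canonical serialisation, sorted by name, so the identity does not
        # depend on the order in which the inputs were listed.
        blob = self.name + "\n" + "\n".join(
            f"{n}={d}" for n, d in sorted(self.pinned.items()))
        return sha256_hex(blob.encode())

    def build(self, provided: dict[str, Input]) -> str:
        """Run the (toy) build and return the output's content hash.

        Hermetic rules: every provided input must be pinned, its content must
        match the pinned hash, and nothing pinned may be missing.
        """
        unpinned = set(provided) - set(self.pinned)
        if unpinned:
            raise ValueError(f"unpinned inputs not allowed: {sorted(unpinned)}")
        missing = set(self.pinned) - set(provided)
        if missing:
            raise ValueError(f"pinned inputs missing: {sorted(missing)}")
        for name, inp in provided.items():
            if inp.digest != self.pinned[name]:
                raise ValueError(f"input {name!r} does not match its pinned hash")
        # The toy "compiler": the output depends only on the derivation identity
        # and the input bytes, so identical inputs always give identical output.
        h = hashlib.sha256(self.identity().encode())
        for name in sorted(provided):
            h.update(provided[name].content)
        return h.hexdigest()


def pin(name: str, *inputs: Input) -> Derivation:
    """Create a derivation pinning the given inputs by their current hashes."""
    return Derivation(name, {i.name: i.digest for i in inputs})


def try_build(drv: Derivation, *inputs: Input) -> str | None:
    """Build, returning None instead of raising when the hermetic check fails."""
    try:
        return drv.build({i.name: i for i in inputs})
    except ValueError:
        return None


def reproducible(drv: Derivation, *inputs: Input, builders: int = 3) -> bool:
    """Rebuild on several 'independent builders' and compare output hashes.
    Any non-bit-identical output would show up as a second distinct hash."""
    outputs = {drv.build({i.name: i for i in inputs}) for _ in range(builders)}
    return len(outputs) == 1


# Constructed sample inputs (not real artefacts).
SRC = Input("hello.c", b"int main(void) { return 0; }\n")
CC = Input("cc", b"constructed stand-in for a compiler binary")
SCRIPT = Input("build.sh", b"$cc hello.c -o hello\n")

HELLO = pin("hello", SRC, CC, SCRIPT)

# A downstream package pins the *output hash* of the upstream build as one of
# its inputs; that chaining is what makes the dependency graph a Merkle tree.
HELLO_OUT = Input("hello", HELLO.build({i.name: i for i in (SRC, CC, SCRIPT)}).encode())
INSTALL = Input("install.sh", b"cp hello /usr/bin\n")
INSTALLER = pin("hello-installer", HELLO_OUT, INSTALL)

if __name__ == "__main__":
    print("derivation identity:", HELLO.identity())
    print("reproducible across builders:", reproducible(HELLO, SRC, CC, SCRIPT))
    # Anything not pinned in advance is refused: a modified source file or a
    # stray extra tool cannot enter the build.
    tampered = Input("hello.c", b"int main(void) { return 1; }\n")
    print("tampered source accepted:", try_build(HELLO, tampered, CC, SCRIPT) is not None)
    print("extra tool accepted:", try_build(HELLO, SRC, CC, SCRIPT, Input("curl", b"x")) is not None)
    print("installer builds:", try_build(INSTALLER, HELLO_OUT, INSTALL) is not None)
```

The two properties worth noticing are that the derivation identity covers only hashes, so any input that changes yields a different derivation and a different cache key, and that the downstream derivation never sees the upstream build's files directly, only its output hash, which is why the whole graph can be cached or verified step by step.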
Despite being an impressive solution, NixOS has its own set of tradeoffs, including its specialist language and other design decisions that can make it hard to learn properly. There are alternatives, however, such as GNU Guix, which uses a different language and CLI commands and may be easier for people who find NixOS too daunting at first glance. Unfortunately, because the major Linux vendors have not responded to these solutions at all, we still don’t have something like Ubuntu Declarative Donkey, so until then perhaps just using NixOS would provide some relief from these problems?
At least Flatpak provides some much needed security when downloading software from untrusted sources by sandboxing applications, so even if vulnerabilities do arise they only affect the individual session rather than the entire system. This is something traditional distros struggle with, despite lagging behind on new packages out of reluctance to break existing ones that depend on older versions, which causes massive amounts of frustration.
Disclaimer: Don’t take anything on this website seriously. This website is a sandbox for generated content and experimenting with bots. Content may contain errors and untruths.
Author Eliza Ng
LastMod 2023-02-24