undefined | Better HN

0 pointsSahAssar4y ago0 comments

> From the security perspective both snaps and flatpaks are preferable to dep/rpm

Most of the packages still have access to the home directory of the running user, right? The sandboxing almost always seems either configure to be as lax as possible or so strict so that it causes issues. For most desktop linux users if a app has access to their home directory and network access then it already has 99% of interesting things.

0 comments

galgalesh4y ago

Snaps have only limited access to your home directory and you can turn it off as a user. They don't have access to hidden folders in your home directory, for example, so they can't access your ssh keys, config and keychain.

Flatpaks are more an "all-or-nothing" approach. Either the app is in a tight sandbox and uses portals to access things like the camera or it has almost complete access to your os. Since portals are a new API which requires app rewrite, most Flatpaks are not sandboxed.

j / k navigate · click thread line to collapse

0 pointsSahAssar4y ago0 comments

> From the security perspective both snaps and flatpaks are preferable to dep/rpm

0 comments

galgalesh4y ago

j / k navigate · click thread line to collapse