Fedora claims GIMP is sandboxed. If you click “High” next to “Permissions”, you see a little exclamation mark saying it has “File system” permissions.
it’s a Fedora problem, not a Flatpak problem (this is GNOME Software on Pop OS 22.04)
seriously though, i found the essay…wanting. it was far too focused on the problems, which is of course fine if you don’t have solutions to them, but the author does have solutions (presented at the very end). the tone is excessively pessimistic, which would turn a lot of readers off from reading these legitimate grievances
This is a Flatpak problem. Its design requires the user to either trust the upstream developers to set the sandboxing properly or learn how to do it and spend time configuring each and every application as needed. This is not practical.
In traditional Linux distributions there is a trusted package mantainer that reviews software and configurations with the user’s needs in mind.
or learn how to do it and spend time configuring each and every application as needed
And even if they were to spend the time, afaik there’s simply no right way to configure a flatpak like GIMP so it can edit any file from any arbitrary location they might want without first giving it read/write permissions for every single of those locations and allowing the program to access those whole folder trees at any point in time without the user knowing (making it “unsafe”).
It shouldn’t have to be this way, there could be a Flatpak API for requesting the user for a file to open with their explicit consent, without requiring constant micro-management of the flatpak settings nor pushing the user to give it free access to entire folders. The issue is that Flatpak tries to be transparent to the app devs so such level of integration is unlikely to happen with its current philosophy.
Using that to define whether something is an “OS Component” would be a very loose definition that wouldn’t make much of a difference then.
Is RetroArch an “OS Component” just because it exposes a filesystem API to its libretro cores? Are browsers that use independent processes for encapsulation “OS components”?
Even if we accepted that term, so what? as I said, I think the real reason they won’t do it is because they keep wanting to be transparent to the app devs (ie. they don’t want them to have to support Flatpak-specific APIs). Which is why I think there needs to be a change of philosophy for this to be possible.
You are missing the point. A process-independent file opener that is used by all applications to access files provides user-friendly security. This would be a core component of an OS so the description is correct.
You are missing the point. A process-independent file opener that is used by all applications to access files provides user-friendly security.
But that was essentially what I said… I’m the one who proposed something like that 2 comments ago.
This would be a core component of an OS so the description is correct.
Again, I disagree that “this would be a core component of an OS”. You did not address any of my points, so I don’t see how it follows that “the description is correct”. The term “core OS component” is subjective to begin with.
But even if you wanted to label it that way, it wouldn’t make any difference. That’s just a label you are putting on it, it would not make Flatpak any less of an app distribution / management system with focus on cross-distro compatibility and containerization. Flatpak would still be Flatpak. Whether or not you want to consider it a core part of the OS is not important.
And Flatpak already uses independent processes to manage the whole container & runtime that the app uses for access to the system resources, which already closely matches what you defined as “a core component of an OS”.
it’s a Fedora problem, not a Flatpak problem (this is GNOME Software on Pop OS 22.04)
seriously though, i found the essay…wanting. it was far too focused on the problems, which is of course fine if you don’t have solutions to them, but the author does have solutions (presented at the very end). the tone is excessively pessimistic, which would turn a lot of readers off from reading these legitimate grievances
This is a Flatpak problem. Its design requires the user to either trust the upstream developers to set the sandboxing properly or learn how to do it and spend time configuring each and every application as needed. This is not practical.
In traditional Linux distributions there is a trusted package mantainer that reviews software and configurations with the user’s needs in mind.
And even if they were to spend the time, afaik there’s simply no right way to configure a flatpak like GIMP so it can edit any file from any arbitrary location they might want without first giving it read/write permissions for every single of those locations and allowing the program to access those whole folder trees at any point in time without the user knowing (making it “unsafe”).
It shouldn’t have to be this way, there could be a Flatpak API for requesting the user for a file to open with their explicit consent, without requiring constant micro-management of the flatpak settings nor pushing the user to give it free access to entire folders. The issue is that Flatpak tries to be transparent to the app devs so such level of integration is unlikely to happen with its current philosophy.
That would not be Flatkpak then. It would be an OS component, much like Android has a file opener implemented as an independent process IIRC.
Using that to define whether something is an “OS Component” would be a very loose definition that wouldn’t make much of a difference then.
Is RetroArch an “OS Component” just because it exposes a filesystem API to its libretro cores? Are browsers that use independent processes for encapsulation “OS components”?
Even if we accepted that term, so what? as I said, I think the real reason they won’t do it is because they keep wanting to be transparent to the app devs (ie. they don’t want them to have to support Flatpak-specific APIs). Which is why I think there needs to be a change of philosophy for this to be possible.
You are missing the point. A process-independent file opener that is used by all applications to access files provides user-friendly security. This would be a core component of an OS so the description is correct.
But that was essentially what I said… I’m the one who proposed something like that 2 comments ago.
Again, I disagree that “this would be a core component of an OS”. You did not address any of my points, so I don’t see how it follows that “the description is correct”. The term “core OS component” is subjective to begin with.
But even if you wanted to label it that way, it wouldn’t make any difference. That’s just a label you are putting on it, it would not make Flatpak any less of an app distribution / management system with focus on cross-distro compatibility and containerization. Flatpak would still be Flatpak. Whether or not you want to consider it a core part of the OS is not important.
And Flatpak already uses independent processes to manage the whole container & runtime that the app uses for access to the system resources, which already closely matches what you defined as “a core component of an OS”.