173

Inkscape Flatpak is looking for a maintainer! (github.com)

submitted 5 days ago by boredsquirrel@slrpnk.net to c/linux@lemmy.ml

76 comments fedilink hide all child comments

The Flatpak is already packaged and works well. It just needs to be maintained from a person that joins the Inkscape community.

This would allow further improvements like Portal support and making the app official on Flathub.

you are viewing a single comment's thread
view the rest of the comments

[-] KomfortablesKissen@discuss.tchncs.de 1 points 4 days ago

I do mean downloading random stuff from random websites.

[-] boredsquirrel@slrpnk.net 2 points 4 days ago

Hmm, is that a feature or a flaw?

[-] KomfortablesKissen@discuss.tchncs.de 1 points 4 days ago

A matter of perspective I think. It's a flaw in my opinion. Just downloading anything from anywhere sets one up for failure/malware.

Code Signing on its own is useless, I think. If there is no distribution structure or user-validated trustchain, of course. But then you don't really need Code Signing, a simple hash is enough.

My personal preference are the distro repos, to a point where I even dislike additional package managers like pip, npm or cargo.

[-] boredsquirrel@slrpnk.net 2 points 4 days ago* (last edited 4 days ago)

Just downloading anything from anywhere sets one up for failure/malware.

Reducing the size of the OS helps a ton here.

And mounting home read-only. I think Android and ChromeOS do that. I will experiment with that too, it is really interesting. You mainly need a different place to store user scripts, and appimages are broken (how sad), the rest should be fine.

Then a few more core concepts help too:

KISS (keep it stupid simple)
Unix philosophy (everything does one thing and stays transparent)
and the concept of least privilege (seccomp, MAC (mandatory access control, SELinux/Apparmor, sandboxes, jails, etc).

Flatpak helps a ton centralizing the packaging efforts. And it works. There are tons of officially supported packages. And I guess many of them will be maintained upstream.

But you still have a secure system, sandboxing, verification and packagers that keep an eye on it, kind of.

On a secure system you would need to pay a lot of people, like the typical 3-5 people that package most apps. For doing security analyses, opting-in to every new update etc.

[-] KomfortablesKissen@discuss.tchncs.de 1 points 3 days ago

I'm sorry, I don't think I can see the point you are making. Are you saying that one can get around the 3-5 people by using flatpaks, ro home directories and other mitigations?

[-] boredsquirrel@slrpnk.net 1 points 3 days ago

get around the 3-5 people

What people?

Nonexecutable home directories I mean. /tmp too. This only makes sense as normally programs are in different areas. I will experiment with that.

this post was submitted on 25 Jun 2024

173 points (95.8% liked)

Linux

45443 readers

1638 users here now

From Wikipedia, the free encyclopedia

Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).

Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.

Rules

Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.
No misinformation
No NSFW content
No hate speech, bigotry, etc

Related Communities

Community icon by Alpár-Etele Méder, licensed under CC BY 3.0

founded 5 years ago

MODERATORS

AgreeableLandscape@lemmy.ml

nooter692@lemmy.ml

MarcellusDrum@lemmy.ml

cypherpunks@lemmy.ml

cyclohexane@lemmy.ml

d3Xt3r@lemmy.nz