Inkscape Flatpak is looking for a maintainer!

boredsquirrel@slrpnk.net to Linux@lemmy.ml – 174 points –
Removal from the Inkscape Website · Issue #87 · flathub/org.inkscape.Inkscape
github.com

The Flatpak is already packaged and works well. It just needs to be maintained by a person who joins the Inkscape community.

This would allow further improvements like Portal support and making the app official on Flathub.

Update: One might have been found!

Official repositories, unofficial repositories, flatpak, snap... What happened to just download the app from its own creator and install on your machine? Why do we need every app being touched by some rando before I can install it on my box?

Your wanted option is not gone, you can still download the binaries if the author presents them; or you can compile it from source. This is just another, more convenient way to distribute the program.

If you are looking to get your programs Windows-style, to download a binary or "install wizard", then you can look into appimages.

Like any form of distribution however: someone has to offer this, be it the author or "some rando".

Appimages have no install wizard. And Windows executables have some weird signature verification which Appimages don't have at all.

True. Still the most Windows-like installation method.

If you mean downloading random stuff from random websites, yes.

But they don't have installers, so no verification, no moving to locations where executing is allowed (on Linux the entire home is executable, which is a huge security issue), no desktop integration, no context menu, no file associations.

I do mean downloading random stuff from random websites.

Hmm, is that a feature or a flaw?

A matter of perspective I think. It's a flaw in my opinion. Just downloading anything from anywhere sets one up for failure/malware.

Code Signing on its own is useless, I think. If there is no distribution structure or user-validated trustchain, of course. But then you don't really need Code Signing, a simple hash is enough.

My personal preference is the distro repos, to a point where I even dislike additional package managers like pip, npm or cargo.

Just downloading anything from anywhere sets one up for failure/malware.

Reducing the size of the OS helps a ton here.

And mounting home read-only. I think Android and ChromeOS do that. I will experiment with that too, it is really interesting. You mainly need a different place to store user scripts, and appimages are broken (how sad), the rest should be fine.

Then a few more core concepts help too:

  • KISS (keep it stupid simple)
  • Unix philosophy (everything does one thing and stays transparent)
  • and the concept of least privilege (seccomp, MAC (mandatory access control, SELinux/AppArmor), sandboxes, jails, etc.).

Flatpak helps a ton centralizing the packaging efforts. And it works. There are tons of officially supported packages. And I guess many of them will be maintained upstream.

But you still have a secure system, sandboxing, verification and packagers that keep an eye on it, kind of.

On a secure system you would need to pay a lot of people, like the typical 3-5 people that package most apps. For doing security analyses, opting-in to every new update etc.

I'm sorry, I don't think I can see the point you are making. Are you saying that one can get around the 3-5 people by using flatpaks, ro home directories and other mitigations?

get around the 3-5 people

What people?

Nonexecutable home directories I mean. /tmp too. This only makes sense as normally programs are in different areas. I will experiment with that.

What happened to just download the app from its own creator and install on your machine?

That's the Windows shit I specifically wanted to get away from

That's how packaging works.

On Android I use Obtainium, as the package manager deals with signature verification. On Linux, Flatpak is the only equivalent to Android apps.

RustDesk is the only Flatpak not from Flathub I use, because they have messed up permissions.
