The Flatpak is already packaged and works well. It just needs to be maintained from a person that joins the Inkscape community.

This would allow further improvements like Portal support and making the app official on Flathub.

Update: One might have been found!

  • KomfortablesKissen@discuss.tchncs.de
    link
    fedilink
    arrow-up
    1
    ·
    5 months ago

    A matter of perspective I think. It’s a flaw in my opinion. Just downloading anything from anywhere sets one up for failure/malware.

    Code Signing on its own is useless, I think. If there is no distribution structure or user-validated trustchain, of course. But then you don’t really need Code Signing, a simple hash is enough.

    My personal preference are the distro repos, to a point where I even dislike additional package managers like pip, npm or cargo.

    • boredsquirrel@slrpnk.netOP
      link
      fedilink
      arrow-up
      2
      ·
      edit-2
      5 months ago

      Just downloading anything from anywhere sets one up for failure/malware.

      Reducing the size of the OS helps a ton here.

      And mounting home read-only. I think Android and ChromeOS do that. I will experiment with that too, it is really interesting. You mainly need a different place to store user scripts, and appimages are broken (how sad), the rest should be fine.

      Then a few more core concepts help too:

      • KISS (keep it stupid simple)
      • Unix philosophy (everything does one thing and stays transparent)
      • and the concept of least privilege (seccomp, MAC (mandatory access control, SELinux/Apparmor, sandboxes, jails, etc).

      Flatpak helps a ton centralizing the packaging efforts. And it works. There are tons of officially supported packages. And I guess many of them will be maintained upstream.

      But you still have a secure system, sandboxing, verification and packagers that keep an eye on it, kind of.

      On a secure system you would need to pay a lot of people, like the typical 3-5 people that package most apps. For doing security analyses, opting-in to every new update etc.

      • KomfortablesKissen@discuss.tchncs.de
        link
        fedilink
        arrow-up
        1
        ·
        5 months ago

        I’m sorry, I don’t think I can see the point you are making. Are you saying that one can get around the 3-5 people by using flatpaks, ro home directories and other mitigations?

        • boredsquirrel@slrpnk.netOP
          link
          fedilink
          arrow-up
          1
          ·
          5 months ago

          get around the 3-5 people

          What people?

          Nonexecutable home directories I mean. /tmp too. This only makes sense as normally programs are in different areas. I will experiment with that.