Next step, display the “potential unsafe”-badge next to verified or unverified, that can be found on the same page. In example https://flathub.org/apps/io.github.shiiion.primehack is marked as verified, but if you scroll down you can see the application has full system and data access and is marked as potential unsafe.
It makes it obvious to people whether they are downloading Google Chrome as packaged by Google or as by someone else. That being said, Google Chrome is malware. That being said there is a lot more that needs to be done to truly prevent malware, which will be costly but will hopefully take effect when they’ve got the budget for it
Because if you search Firefox and see a badge that says verified, you can be confident that it was Mozilla that packaged it and added it to FlatHub as opposed to some random scammer.
Verification doesnt help at all if the source is not trusted. All this says is “upstream developers maintain this package”. Unofficial packages can be safe too, like VLC.
Nice
Good to see one of the two big packaging hubs do something against malware
Next step, display the “potential unsafe”-badge next to verified or unverified, that can be found on the same page. In example https://flathub.org/apps/io.github.shiiion.primehack is marked as verified, but if you scroll down you can see the application has full system and data access and is marked as potential unsafe.
cough cough snap cough
Snap already marks unverified apps
Yet Ubuntu still recommends installing anything from the terminal if a command was found in a rando unverified snap.
How does that Help against Malware?
It makes it obvious to people whether they are downloading Google Chrome as packaged by Google or as by someone else. That being said, Google Chrome is malware. That being said there is a lot more that needs to be done to truly prevent malware, which will be costly but will hopefully take effect when they’ve got the budget for it
Because if you search Firefox and see a badge that says verified, you can be confident that it was Mozilla that packaged it and added it to FlatHub as opposed to some random scammer.
You can’t just upload a App to Flathub. Everythng is reviewed.
Apt has done this forever
Verification doesnt help at all if the source is not trusted. All this says is “upstream developers maintain this package”. Unofficial packages can be safe too, like VLC.