187
Fedora threatened with legal action from OBS Studio due to their Flatpak packaging
(www.gamingonlinux.com)
this post was submitted on 15 Feb 2025
187 points (98.4% liked)
Linux
6056 readers
148 users here now
A community for everything relating to the GNU/Linux operating system
Also check out:
Original icon base courtesy of [email protected] and The GIMP
founded 2 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Yeah, thats optional. Unlike actual secure package managers like apt, where signing has been required since 2005.
What you need to look at is the docs for installing, and note it doesn't say anything about requiring valid signatures after downloading a payload.
Flatpak doesn't care about security. avoid them.
This seems to be blatant misinformation.
The default seems to require a gpg signature. It can be disabled for a remote with
--no-gpg-verify, but the default for installing and building definitely requires a signature.You keep talking about the docs, so please show me where is says that in the Flatpak Documentation.
You're the one spreading misinformation.
The burden of proof is on you. I linked you to the docs showing how package signatures have been required in apt since 2005. Most package managers do not have signature verification.
Point me to where the docs say signatures are required to be verified after download.
You accused flatpak of being insecure. The burden to prove that is totally on you.
Nah, tech is insecure by default.