I remember in 1995-ish or something when I used the internet for the first time using the Netscape browser… And I was asking a friend if he had tried all the web sites yet. Just got a weird look back… :) I didn’t know what the internet was back then at first.
There are portals: docs.flatpak.org/en/…/desktop-integration.html#po… . they allow secure access to many features. Also any flatpak app still has access to a private app-specific filesystem, just not to the host.
Doesn’t work for all applications but for many sand boxing is possible without a loss of features.
No filesystem access for a flatpak app just means it cant read host system files on its own, without user permission. You can still give it files or directories of files through the file explorer for the app to work with, just that it’s much safer since it can only otherwise view files in its sandbox.
[…] aren’t there some folks who want flatpak/snap/appimage to basically replace traditional package managers?
There might be people who think that, but that isn’t realistic. Flatpak is a package manager for user facing apps, mostly gui apps.
The core system apps will still be installed by a system package manager. I.e rpm-ostree on immutable Fedora or transactional-update/zypper on OpenSUSE MicroOS.
Snap can do system apps and user facing apps and fully snap-based Ubuntu might come in the future.
But this won’t force people to use them. Traditional package managers will keep existing for system apps and maintainers will proabably keep their gui packages in the repos.
There’s Obfuscate, an image redactor, and Metadata Cleaner which is self-descriptive. Both works properly without any filesystem access at all, because they use the file picker portal to ask the user for the files to be processed.
Add comment