Removal from the Inkscape Website · Issue #87 · flathub/org.inkscape.Inkscape
github.com
The inkscape project is considering removing the flatpak format from the website's resources/downloads pages because of lack of maintenance. There is no maintainer of the flatpak/flathub format at ...

The Flatpak is already packaged and works well. It just needs to be maintained from a person that joins the Inkscape community.

This would allow further improvements like Portal support and making the app official on Flathub.

    • KomfortablesKissen@discuss.tchncs.de
      1·
      5 days ago

      A matter of perspective I think. It’s a flaw in my opinion. Just downloading anything from anywhere sets one up for failure/malware.

      Code Signing on its own is useless, I think. If there is no distribution structure or user-validated trustchain, of course. But then you don’t really need Code Signing, a simple hash is enough.

      My personal preference are the distro repos, to a point where I even dislike additional package managers like pip, npm or cargo.

      • boredsquirrel@slrpnk.netOP
        2·
        5 days ago

        Just downloading anything from anywhere sets one up for failure/malware.

        Reducing the size of the OS helps a ton here.

        And mounting home read-only. I think Android and ChromeOS do that. I will experiment with that too, it is really interesting. You mainly need a different place to store user scripts, and appimages are broken (how sad), the rest should be fine.

        Then a few more core concepts help too:

        • KISS (keep it stupid simple)
        • Unix philosophy (everything does one thing and stays transparent)
        • and the concept of least privilege (seccomp, MAC (mandatory access control, SELinux/Apparmor, sandboxes, jails, etc).

        Flatpak helps a ton centralizing the packaging efforts. And it works. There are tons of officially supported packages. And I guess many of them will be maintained upstream.

        But you still have a secure system, sandboxing, verification and packagers that keep an eye on it, kind of.

        On a secure system you would need to pay a lot of people, like the typical 3-5 people that package most apps. For doing security analyses, opting-in to every new update etc.

        • KomfortablesKissen@discuss.tchncs.de
          1·
          4 days ago

          I’m sorry, I don’t think I can see the point you are making. Are you saying that one can get around the 3-5 people by using flatpaks, ro home directories and other mitigations?

          • boredsquirrel@slrpnk.netOP
            1·
            4 days ago

            get around the 3-5 people

            What people?

            Nonexecutable home directories I mean. /tmp too. This only makes sense as normally programs are in different areas. I will experiment with that.