If you run KDE Plasma 5.27 or later, flatpak permission settings are included right from the system settings. A built-in flatseal, in case anyone didn’t know.
https://i.imgur.com/PSdt6iy.png
Flatpak is kind of bringing the BSD mindset of base system versus end-user apps to Linux.
What must one not read. The reason is that FreeBSD develop and maintains the whole base system: kernel + system related frontend and because it’s a clean architecture.
For the isolation they had jails before containers was a thing.
Flatpak was not about sandboxing, this aspect is quite recent. It is a response to how bad the CI-pseudoCD was for Gnome and to build/deploy apps based on gnome-stack easily. For proprietary product, I still have to see it a proprietary product not available outside flatpak…
Don’t get me wrong, it’s good that Flatpak tackle the sandboxing question that was not what was sold previously. Also, I use official repos and mainly FOSS. Flatpak won’t prevent a supplychain attack. So my trust remains the main repos.
I can keep Firefox bleeding edge without having to worry that the package manager is also going to update the base system, giving me a broken next boot if I run rolling releases.
On Nix[OS], one can use multiple base Nixpkgs versions for specific packages one wants. What I have is e.g. 2 flakes nixpkgs, and nixpkgs-update. The first includes most packages including base system that I do not want to update regularly, while the last is for packages that I want to update more regularly like Web browser (security reasons, etc).
deleted by creator
If you run KDE Plasma 5.27 or later, flatpak permission settings are included right from the system settings. A built-in flatseal, in case anyone didn’t know. https://i.imgur.com/PSdt6iy.png
What must one not read. The reason is that FreeBSD develop and maintains the whole base system: kernel + system related frontend and because it’s a clean architecture. For the isolation they had jails before containers was a thing.
Flatpak was not about sandboxing, this aspect is quite recent. It is a response to how bad the CI-pseudoCD was for Gnome and to build/deploy apps based on gnome-stack easily. For proprietary product, I still have to see it a proprietary product not available outside flatpak…
Don’t get me wrong, it’s good that Flatpak tackle the sandboxing question that was not what was sold previously. Also, I use official repos and mainly FOSS. Flatpak won’t prevent a supplychain attack. So my trust remains the main repos.
On Nix[OS], one can use multiple base Nixpkgs versions for specific packages one wants. What I have is e.g. 2 flakes nixpkgs, and nixpkgs-update. The first includes most packages including base system that I do not want to update regularly, while the last is for packages that I want to update more regularly like Web browser (security reasons, etc).
e.g.