I don’t consider “wanting a secure app to be installed through first party means” to be particularly unusual. I know in Linux it’s standard to just install random stuff from the internet with root. I’ve obviously done that myself, but for secure stuff I want first party. Making a flatpak wouldn’t be hard (they probably just need to review someone else’s work – it’s like an intern project)
So I went and looked it up, and signal-desktop is listed as a reproducible build, so theoretically you should be able to go and check that it conforms to the source
My os does not do that
I don’t consider “wanting a secure app to be installed through first party means” to be particularly unusual. I know in Linux it’s standard to just install random stuff from the internet with root. I’ve obviously done that myself, but for secure stuff I want first party. Making a flatpak wouldn’t be hard (they probably just need to review someone else’s work – it’s like an intern project)
So I went and looked it up, and signal-desktop is listed as a reproducible build, so theoretically you should be able to go and check that it conforms to the source
https://reproducible.archlinux.org/
But this isn’t anything I’ve looked into myself, so feel free to look into it