Imagine your friend that does not know anything about linux, don’t you think this would make them not install the firefox flatpak and potentially think that linux is unsafe?
I ask this because I believe we must be careful and make small changes to welcome new users in the future, we have to make them as much comfortable as possible when experimenting with a new O.S
I believe this warning could have a less alarming design, saying something like “This app can use elevated permissions. What does this mean?” with the “What does this mean?” text as a clickable URL that shows the user that this may cause security risks. I mean, is kind of a contradiction to have “verified” on the app and a red warning saying “Potentially unsafe”, the user will think “well, should I trust this or not??”
isn’t flatpak by definition relying on a second software source, hence 2x as much risk as relying on a single source (your OS repo)?
How much sandboxing is your distro generally doing?
beyond root processes, none that I am aware of. Hence I configured all my internet applications and steam to run in a jail :) firejail & bubblewrap come as native packages, unlike the flatpak contents
A distro has thousands of independent sources. No your distro doesn’t audit them all, barely any.
“barely any” is neither entirely accurate, nor does it excuse the use of flatpaks.
It’s very accurate. A distro will audit a few packages they deem high risk, such as suid binaries. Once an audit is complete they will often not re-audit it. At that point you rely on third parties for audits.
Flatpak is sometimes, not always, simply a more secure package. You can audit the sources like anywhere else.