The Flatpak is already packaged and works well. It just needs to be maintained from a person that joins the Inkscape community.

This would allow further improvements like Portal support and making the app official on Flathub.

Update: One might have been found!

      • KomfortablesKissen@discuss.tchncs.de
        link
        fedilink
        arrow-up
        1
        ·
        5 months ago

        A matter of perspective I think. It’s a flaw in my opinion. Just downloading anything from anywhere sets one up for failure/malware.

        Code Signing on its own is useless, I think. If there is no distribution structure or user-validated trustchain, of course. But then you don’t really need Code Signing, a simple hash is enough.

        My personal preference are the distro repos, to a point where I even dislike additional package managers like pip, npm or cargo.

        • boredsquirrel@slrpnk.netOP
          link
          fedilink
          arrow-up
          2
          ·
          edit-2
          5 months ago

          Just downloading anything from anywhere sets one up for failure/malware.

          Reducing the size of the OS helps a ton here.

          And mounting home read-only. I think Android and ChromeOS do that. I will experiment with that too, it is really interesting. You mainly need a different place to store user scripts, and appimages are broken (how sad), the rest should be fine.

          Then a few more core concepts help too:

          • KISS (keep it stupid simple)
          • Unix philosophy (everything does one thing and stays transparent)
          • and the concept of least privilege (seccomp, MAC (mandatory access control, SELinux/Apparmor, sandboxes, jails, etc).

          Flatpak helps a ton centralizing the packaging efforts. And it works. There are tons of officially supported packages. And I guess many of them will be maintained upstream.

          But you still have a secure system, sandboxing, verification and packagers that keep an eye on it, kind of.

          On a secure system you would need to pay a lot of people, like the typical 3-5 people that package most apps. For doing security analyses, opting-in to every new update etc.

          • KomfortablesKissen@discuss.tchncs.de
            link
            fedilink
            arrow-up
            1
            ·
            4 months ago

            I’m sorry, I don’t think I can see the point you are making. Are you saying that one can get around the 3-5 people by using flatpaks, ro home directories and other mitigations?

            • boredsquirrel@slrpnk.netOP
              link
              fedilink
              arrow-up
              1
              ·
              4 months ago

              get around the 3-5 people

              What people?

              Nonexecutable home directories I mean. /tmp too. This only makes sense as normally programs are in different areas. I will experiment with that.