Linux Mint Doesn't Understand Flatpak Verification
HTML-код
- Опубликовано: 5 июн 2024
- Over on Flathub the verification system has existed for quite a while now to indicate which flatpaks are developed by upstream developers and which are by 3rd parties but Linux Mint is using this system for another goal.
==========Support The Channel==========
► Patreon: brodierobertson.xyz/patreon
► Paypal: brodierobertson.xyz/paypal
► Liberapay: brodierobertson.xyz/liberapay
► Amazon USA: brodierobertson.xyz/amazonusa
==========Resources==========
Linux Mint Blog Post: blog.linuxmint.com/?p=4719
Flathub Verification: docs.flathub.org/docs/for-app...
=========Video Platforms==========
🎥 Odysee: brodierobertson.xyz/odysee
🎥 Podcast: techovertea.xyz/youtube
🎮 Gaming: brodierobertson.xyz/gaming
==========Social Media==========
🎤 Discord: brodierobertson.xyz/discord
🐦 Twitter: brodierobertson.xyz/twitter
🌐 Mastodon: brodierobertson.xyz/mastodon
🖥️ GitHub: brodierobertson.xyz/github
==========Credits==========
🎨 Channel Art:
Profile Picture:
/ supercozman_draws
🎵 Ending music
Track: Debris & Jonth - Game Time [NCS Release]
Music provided by NoCopyrightSounds.
Watch: • Debris & Jonth - Game ...
Free Download / Stream: ncs.io/GameTime
#Linux #Flatpak #OpenSource #LinuxMint #FOSS #LinuxDesktop
DISCLOSURE: Wherever possible I use referral links, which means if you click one of the links in this video or description and make a purchase I may receive a small commission or other compensation. Наука
This is a typical example of Avid's Law: "Security at the cost of usability comes at the cost of security". A lot of people will want to install Chrome, VLC, Inkscape, etc... Since they're all unverified, the lesson they teach users is "Ignore security warnings to get to the stuff you want". This is the exact opposite of how to design user-friendly and secure systems.
Performance comes first, the show must go on.
Just like with wayland when you want to use global hotkeys and require to run an application as root to do that, or when you want to split applications but wayland doesn't allow that
No, they won't! Chromium, VLC and Inkscape are all packaged in Linux Mint's repos, and Chrome is available as a .deb file on their website.
@@evepreviouslyknownaslenenjoyerGood luck having old versions in the Ubuntu repos!
@@notuxnobuxI wanted to use wireshark to find a bug in a program, and learned that the hard way, had to use the TUI to even have a chance of finding that bug. what was that about linux being more user friendly and not needing to use the command line? thanks wayland, you are holding linux back more than ever before now thanks to people not being fine with old and stable software
I don't disagree with Mint's decision, I disagree with Mint's wording on the warning. They imply that verified flatpaks are "safe" and they are not, and that unverified ones are not … which may or may not be true.
Exactly, me too. Mint is made for people who are just dipping their toes into the world of Linux, and it's crucial to guide them and keep them safe until they learn more about linux. Mint's decision is right, but they just used the wrong wording to explain what's actually the case.
Maybe "First-party upload/package" vs. "Third-party upload/package" would be clearer than "Verified" vs. "Unverified"?
Or just "official" vs. "unofficial"...?
@@AClockworkHellcatThat works. Verified / unverified is fine too. The issue I have is solely with the scare warning about the potential for malware-not because unverified packages can't contain malware, but because _verified ones can as well._
@@GSBarlev that's a very good point, the warning should much rather be presented when first interacting with flatpaks, since the official Mint repos are much closer to the kind of safety the warning suggests about verified flatpaks, in that each update is released explicitly by Mint and tested according to their capacity.
Simply mark the verified developer as the verified developer, and the contributed Apps as contributed Apps (and link the contributor cause bug reports)
Also i'm not a huge fan of prompts, but maybe a prompt that asks if you would like to limit the store to verified developers only for a security benefit and miss out on some apps or not. Tell people about the pros of each side.
8:00 During my 'cyber security' training at a job, no joke, they said, 'look for the lock icon. If you don't see it, the site may not be real. If you do, it's safe.'
Browsers don't hold all the blame for that bad information, I've heard this more than once
The amount of people that think like this in tech, _including those studying cyber security at a graduate level_, is both disheartening and frightening.
This is genuinely terrible advice to be giving in a legitimate cyber security training course (But I'm guessing that most people actually doing cyber security actually know what stuff like that means)
Do you know how easy it is to manipulate that little lock icon. I look at that and just laugh and then look at the backend to see what is really going on.
The cyber security program we subscribe to where I work is pretty cringe up one side and down the other. I raised a bit of a stink when they wanted me to scan a QR code.
As a developer of an app on Flathub I can confirm, to verify an app you don't need to do anything, I could release malicious code if I wanted to
Niko spreading truth
@@atemoc as Niko always should
But a user is trusting the upstream developer anyway when they use their software, unless it's open source and the user has reviewed the source before compiling for themselves, or delegating that task to a package maintainer. I bet most users and maintainers don't review the source code.
My point is that if the user doesn't trust the upstream, then they shouldn't use the software. If they do, might as well accept their binaries.
@@szaszm_ that's a fair opinion
Please don't.
Verification of source *IS* important, but it is *NOT* security. Any "badge" should not confuse the user as a security function, no shields, locks, etc. it should also avoid alarm colours. Look to other authenticity markings for reference, use terms like "verified source", "upstream developer," "official maintainer", NOT "verified" by itself.
There are plenty of examples using logos and simple markings, this isn't that hard.
in my opinion, the "verification" status is not a bad feature, just a badly worded one. it should be more like "official maintainer" or something
Official maintainer is worse to be honest. Why can't they just use say "Packaged by the developers"
@@rany0 eh you're right
the point i made was that the current wording is the absolute worst
I agree in general Flathub shouldn't proably use the "verified" name but moreso something else
I like that Linux Mint made a toggle for unverified Flatpaks, but what I don't agree with is the big scary warning about malware. Especially since some users may not be that tech savvy (e.g. new migrators from Windows) and may not fully understand what verification means
Well, this is kind of like there are bootleg packagers for commercial Windows applications, whether produced by Microsoft itself or by another well known commercial software firm, but at least they are screened against getting their packages hosted on the Microsoft Store. There isn't any Linux, Inc. to do an analogous thing. Linux can still be wild-West at times.
Still, I'd agree it's better to say that the malware risk increases when going from a package certified by a well known upstream entity, to a package certified by a little known upstream entity, to a package not certified by anybody. Or some other way of measuring the degree of motivation for responsibility and security capability. Maybe there should be three or more levels of risk, not just two? It's the 1800s -- do you want to go to Chicago, San Francisco, or Dodge City?
Right unlike Elementry OS who just refuse to ship flathub in anyway other than their very small list of "curated" apps. Though I do agree I'd probably re-word the security part of that toggle.
@warthunder1969 I would agree, however, Flathub will be enabled by default in Elementary OS 7. Thank goodness.
The Linux community's "Ha ha, what's a virus?" mentality is gonna mess us up REAL bad someday.
gnu linux can't get malware because its made with magic from the wizard kandelf himself!
The Linux community is comprised mostly of technical people. These are not the kinds of people to download something Willy nilly
@@BitTheByte Depends on the exact users. I don't think "mostly" really applies to the point where they have intimate knowledge of security measures. I mean, sure, most Linux users can trouble shoot more problems than your average Windows user, but I still doubt most them even have experience with setting up a firewall. Maybe I'm wrong.
Fact is, most people just want an OS with software that works, and they're absolutely willing to sacrifice certain degrees of security to make that happen. That's why Windows remains the dominant OS. As far as malware goes, Linux has largely been coasting on relative obscurity. The only reason we don't have call centers and drive-by malware delivered through web ad services is simply due to the fact that there aren't as many users. That _will_ change when and if more average computer users make the jump to Linux.
@@BitTheByte Technical people will sometimes do something really silly to get what they want -- or think that they want -- in a hurry.
@@trajectoryunown I think you misunderstand. The Linux Kernel is pretty hardened security wise. As long as you are not running random programs as root you should be relatively safe. The proof lies in the fact that 15% of all desktop PC's in india run linux, and given india has over a billion person population that is NOT insignificant number of people. If we do a quick and dirty calculation and assume nobody owns 2 PC's, nearly 250 million people over there use linux. That is almost the population of the entire US.
The whole "Linux is only secure because its obscure" is not entirely true. Its secure because
a) Users tend to have a better understanding of their system and dont run random programs as root
b) The kernel itself is pretty hardened against privilege escalation
c) Everything done on linux is logged on your own machine.
The absurd thing is that Flathub even has a security rating.
They could have just disabled insecure flatpaks, so flatpaks which use excessive permissions. It would still filter out a lot of reasonable applications but at least it would make some sort of sense.
How secure is the default-permission sandbox? I know I've found not having access to /usr/bin, for example, to be a pain in the toucans, but making things inconvenient for users is different than making things safer against malicious developers.
Flatpak permission system has some severe limitations and doesn't precisely encode every single permission an application might need (like no fine-tuned camera permission, at least yet, and no straight forward out-of-the-box file access control + lack of xdg-portal support in less-used UI toolkits), causing broader permissions than necessary being granted. So unfortunately, in practice it won't be a better idea to just "disable insecure Flatpaks".
@@GSBarlev
The default permissions are no permissions which means that the application is almost completely sandboxed.
The application just requests the permissions it needs.
An application that has no permissions could do very little harm to the system.
In your example, an application with write access to /usr/bin of the host system could modify the complete host system, which would mean it's not isolated at all.
@@voidmain7902
As I said, "It would still filter out a lot of reasonable applications".
I don't think it would be a reasonable thing to do but would still protect the user. Just allowing verified flatpaks does basically nothing.
By this logic, Linux Mint should have a giant warning for every Debian package as it would most likely be "unverified" by Flathub's rules.
Exactly.
No its not the same thing. Debian packages are packages by trusted users. A random flathub user is not the same as a debian member that is maintaining packages. The issue here is not that its verified by the developer, but that the one that is distributing the package is trusted by the ones that are hosting the package.
A better comparison would be to say that arch official repository packages are the same as verified flatpak programs and aur packages are the same as unverified flatpak programs.
@@notuxnobux You're still trusting that the application developer isn't doing anything malicious when the Flatpak is verified. The verification badge only works if you trust the application developer. Also, most "unverified" Flatpaks are actually maintained by established Flatpak developers so they're not necessarily less safe (so long as you trust that person...)
At the end of the day, we're down to a problem of trust. Another thing worth noting is that many of the verified Flatpaks still have the original unofficial maintainers of the Flatpak. So while it has the official badge nothing has changed administratively about the Flatpak, it's just that the upstream devs decided to trust the unofficial maintainers to get the stupid badge especially because of pressure from users to "make it official"
@@notuxnobuxHonestly though, that has 0 culpability. Nothing stops a maintainer from going nuts, getting hacked, or trusting the wrong person and then boom, malware in repos. It's how XZ happened.
Linux is built on blindly trusting someone at some point. It's all built on consecutive weak links in the chain that could break at any moment, and I personally think there needs to be way more discussions held about it.
The warning isn't necessarily there to protect the user. It's there to protect Linux Mint from liability. It was probably put there at the advice of lawyers. You are installing third party software on your system that is not maintained by the Linux Mint organization, but they have to provide the means for you to access said software for usability while protecting themselves from any blowback.
This is most likely the main reason, yeah.
Oh look, someone with the bigger picture!
In all seriousness, i think thats the case. flathub is going to get hit by some sort of malware or cryptomining badware or alike the same way snap did EVENTUALLY, its just that when it happens and people complain, Mint devs can say "somewhere down the road you hit a toggle with a warning, right?", in case of 'verified' flatpaks going rough, they can offload the burden to flathub.
They're already shielded-pretty much all FOSS licenses contain an "as-is" disclaimer disavowing all warranty and responsibility for their use.
If anything, marking certain packages as "safe" _opens them up_ to legal risk.
Is it really gonna protect the "image" when you do it in a way, that the common "solution" is to tell everyone to ignore and turn off said warning?
I don't see how that works. In the flatpak context 'Verified' doesn't mean safe and 'Unverified' doesn't mean unsafe. Strongly implying that it does may even expose Mint to risk. My understanding is that anyone can write a malware app, flatpak it themselves, and upload it to Flathub with 'Verified' status.
You need a clip compilation of all the times you pause and say "... but ..."
Screw the compilation, now I wanna ask YT's closed caption system how often that is and how often per video on average xD
Yes!
Is it weirdly safer to not label anything as safe?
In this instance, yes. It not only gives people a false sense of security, but also discourages people from using more secure versions of an application.
It enrages me these corporate middlewomen hijacking threads and third partying user discussion for simply using the delete command or discussing how to boot a flash drive. They call their unethical purging of IT an "XY problem" as in you are male. Wikipedia describes it as they want "the means to justify the ends" in true villainy. Mollycoddling and requoting is all these p*ss for brains ever do on every support channel as they shove you into using their new BS Ai engine.
@@mmstick How would you get a "more secure" third party package? That could credibly happen only if that package was made by a notable security firm.
@@SeekingTheLoveThatGodMeans7648 Having too much trust in the author of the software. Developers aren't guaranteed to always have good intentions when they release updates to their software. Having an independent third party packaging the software adds an extra layer of eyes monitoring what the developer does. Remember the Log4Shell and XZ vulnerabilities?
@@SeekingTheLoveThatGodMeans7648 You have blind faith that developers always have good intentions. Poisoning happens often, and an independent third party is an extra layer of eyes watching what the developer adds to their software.
I think there's a massive difference in security between software that has been manually checked not to impersonate another product, and software that has never been manually checked by anyone for anything. Mint has to draw a line somewhere between software they offer to users and software the users must manually seek out (although Mint still distributes it), and given this massive difference, it makes total sense for the first category to be included and the second category excluded.
Also, third party packaging often infringes on the trademarks of software vendors. Spotify has third party distributions because they're actively choosing not to sue the packagers, but this, and the fact that package managers don't emphasize that the package is unverified even though flathub offers that information would likely come up if a Spotify package would ever be compromised in a mainstream distro like Mint where users aren't assumed to be fully liable for their use of the package repo.
@@tacticalassaultanteater9678Agreed.
@@tacticalassaultanteater9678 Well, Spotify carries packages of media. The DMCA (in USA) has it that if you own a copyright in something that you discover is in a package of media hosted on a third party, you first have to tell the host to take it down. RUclips is big enough that music publishers negotiated a separate deal for detection of alleged bootlegs to avert a class action lawsuit about which nobody knew what kind of verdict or ruling it would get. Is Mint big enough to have this forced on them? I'd laugh at the idea, because it's kind of like I don't see this special deal happening with smaller video hosts. What's the worst likely thing, Flathub being told to take a pak down, whereupon if the party who put the pak up gives a DMCA counterchallenge, that party then can be sued?
I think we can both acknowledge that verified flat packs do not mean they are secure, but also point out the much larger security risk of installing a flat pack from an unknown author. I’m OK with the warning about security, but I agree that it should be wordsmith in a way to not imply that verified flat packs are safe.
Nicely argued. I accept your points. I simply don't agree in this case. Yes the maintainers can inject malware, yes it sucks to not have the software that you want. However the maintainers are less likely to be injecting malware. Unfortunately I do agree that this will be causing problems for the mint team further down the line. However I think the reasoning is sound.
I 100% agree with you. Phrasing it like that implies that verified flatpaks are safe. False sense of security is not an insignificant risk.
Taking your ssl example.. I think a per download warning would be much better. Like: you are about to download an unverified package, click here to continue.
They miss the point completely. It should be a reminder, just enough to make you think "wait, is it really what I want to download?". Not an annoyance.
In this state, people will get frustrated once, toggle it on, then never think about it again.
I think that's nice the Verified/Unverified filter, and it's ok to be disabled by default, it's far from what Fedora did. However, this needs a "first time setup", a walkthrough those options and must show what are the potential software they will miss by keeping this disabled.
Linuxmint is the only Linux distribution that comes close to a perfect desktop
With a verified app your trust is placed with the developer of the app, which they already earned if you wanted to use their software anyway. This says nothing of whether or not their app is malicious, you trusted them, that is on you.
With unverified apps however, there is an additional party involved that you have to trust. This party has been vetted by nobody and has done nothing to earn anyone's trust.
Verified is just bad naming for what this actually mean. If you ask any random user what they expect from the flag, they will speak about security. And this is an issue.
Should be renamed to something like "packaged by developer/first party", and do not create confution
It does improve security. You can compare it to arch official repositories vs aur. Verified packages are those maintained by trusted users (official repositories) vs unverified users (aur). A verified user is less likely to distribute malware (yes the trusted user can get hacked but that is far less likely). Also from a windows users perspective its good as well. Its common in the windows world to search for a package, for example obs studio and one time the first result on google search was a third party site with malware. If google put trusted sites at the top nobody would have installed the malware. Nobody is saying it removes malware by making packages completely trustworthy, but it reduces the risk of distributing malware (and especially for new users to install malware).
Perfect security doesn't exist, but there are simple solutions to reduce risk of getting malware by a lot.
The aur vs arch repos are a very different case as there is a verification process before even being allowed to upload packages to the arch repos. There is basically an interview process before being allowed in that group
@@BrodieRobertson It's not that different. Both processes are for gaining trust. The developer is the highest level of trust as realistically nobody reads through the whole source code and for every commit except the main developer. Maintainers are often not the developers so they need to get the trust another way. The thing they share in common is the trust, even if it's in a different way and the way of verifying that is similar between package managers and verified flatpaks. Package managers even verify maintainer with public keys (at least arch does), which is similar to what flathub does.
In the case of the interview they dont review the entire source code (and do it for every release), so its the same as flatpak.
If you cant trust a flatpak verified by the developer then you cant logically trust a package manager version of the software either. Software installed from a package manager needs an additional layer of trust (maintainer who isn't the developer) so its even less safe technically (people think that package maintainers read source code for malware, no they dont really).
Brodie, I usually love your videos, but this title is just a lie...
Linux Mint does understand how verification works, they just disagree with you.
Just because verified flatpaks can distribute malware, doesn't mean that they're still not more trustworthy than unverified flatpaks. Downloading software from the original distributor is always more reliable than a 3rd party.
Moreover, you really think new users coming over from Windows know how to file bug reports? No way.
It happened with Fedora because Fedora is a distro for advanced users who actually know how bug reports work.
Maybe the verification system should have three levels instead of just two. Verified, trusted and untrusted. At least, what seems to be communicated in this is trusted and untrusted even if the ones that publish the flatpak are trustworthy. I get that yellow is supposed communicate caution but for some it might as well be red.
the "verified" label should be a "trusted" label instead, since the apps and its safety to the user are not verified every time the binary updates, the devs are just trusted to be angels going forward
That wouldn't be much better, because people will assume that trust is warranted.
"Trusted" to me signals that the devs are trusted by Mint's reviewers or by other users according to some poll, whereas "verified" means "are who they say they are". Verification means that the truth of a claim has been asserted.
Just call it "Packaged by the developers", why are we hiding the meaning behind euphemisms
Should be "Official Package" and "Unofficial Package" would cut down on confusion and wouldn't imply security. The term "Verified" to me implies someone audited the build and source and "verified" that there was nothing malicious to be found. Official/Unofficial has no such implication.
They are technically more secure if you're talking about more popular apps. Since the developers of those are less likely to be malicious. That's not a guarantee, of course, but it's better than nothing. For less known apps, I'd say it's about the same. Still a good change IMO.
Have you ever reached out to Clem for a tech over tea? It'd be interesting to see!
"Is X safe?" "I used it, it's safe".
I've seen such conversations a lot on Reddit. Just because you used something doesn't mean it's safe. A successful attack goes unnoticed so you can keep doing it.
I think there is a security benefit to disabling unverified Flatpaks by default, I think Mint just worded their warning wrong. Verified Flatpaks are less likely to contain malware as they are developed by the devs of the project. But it's not a silver bullet and should be explained as such.
I understand it as an optional filter in the list, but not at all as a default security measure. If they want a security option, there's surely some way to "verify" actual safety.
9:46 I don't think there's much risk of this. Anybody with the know-how and motivation to file a bug report will probably notice the setting in the software manager. I could be dead wrong, but I don't think it'll be a huge issue.
in the fedora KDE spin, if you open discover and check settings, discover has a nice little button that says "add flathub"
I don’t understand it either. They have no idea who the developer is. According to the flathub reply to me, they can’t verify the author. Only that the app came from the person uploading. I could claim to be Adobe and upload Adobe apps. The VS Code upload packaged by just someone says “by Microsoft” on it.
Linux Mint is in the right here.
You couldn't just claim that unless you have access to a repo connected to Adobe
@@BrodieRobertson Per their reply to me they cannot verify developer accounts and thus cannot change the VS Code listing to not say “by Microsoft Corporation” when Microsoft had nothing to do with that app being uploaded.
@@keyboard_g It has a big badge next to it that says unverified
Right. And so Mint is correct to not trust giving that to users. They have zero verification that the package is "By Microsoft Corporation" 😂 It could be packaged with malware.
Mint is distro for "grandma" computers and like.
Makes sense considering snap's wallets disasters(did you notice that I used plural?).
Compromises happen much less frequently than impersonations.
If user is confused what verification is, they definitely should be restricted from what they can install or LTT's removing x11 on reinstalling steam would look like a something to be expected
They fixed that wallet issue and put extra precautions about snap publications :)
Nope, linux mint is right disabling those "unverified flatpaks." Not only is it not safe considering the flatpak uploader can literally be any no name joe with no repution unlike distro maintainers, often times they upload flatpaks that have broken functionality (like emacs, vim, neovim, alot of the IDEs, steam). It damages the package's image when someone downloads flatpak steam and stuff like their controllers don't work out of the box.
controllers cannot work with the steam flatpak out of the box but simply because flatpak cannot install the devrules automatically thats simply a limitation of flatpak
Except the criteria for getting verified seems to be so low as to be near negligible, thus sparing users from nothing.
Nobody checks verified flatpacks.
That is a good point though. If even Mint can get confused over what Verified means, how confused do everyday users get?
I'm not currently running that version of mint, but maybe they should have an Unverified version off that startup things to do but at the intro screen tell you about it and ask if you want to turn it on or off.
It's not out yet.
No doubt, hands down, long overdue improvement! BUT! I have to agree that it is not clear from the UI what "verified" means. There should be an alt-text on hover or something similar.
Nice haircut Brodie. Looking good mane.
it's true to say verified flatpaks are safer, in that there is one less person tl trust. take Signal for example - I already trust Signal to provide me with a safe client, but now I also need to trust the flatpak maintainer to not mess with that client. a maintainer I specifically know much less of and who could more easily be compromised.
I think your whiteboard nailed it. "It needs work." The Mint folks did this with good intentions, and I agree with having it toggled off by default, but the wording and the message is wrong. Something along the lines of official flatpaks and third-party flatpaks would be more accurate and educational for new users and less alarming.
Wouldn't be something like "Official" a much better terminology than "Verified"?
imo, its an improvement.
Made my first Flatpak last month and gave it to the developer, and now it is verified 😀
On that note, one should go and mark a large part of distro packages as "unverified" as well huh ;)
The whole point of Mint is to not configure things. This is a very weird change coming from the same team.
If you block unverified apps then the chance of a malware attack is lower simply because users have access to less software. The same is true if only verified apps are blocked or if 50% of apps are blocked at random.
Look how they massacred my boy's hair!
MentalOutlaw's haircut!
Have they removed it or something?... I can't find this Software Manager options window anywhere.
The 2 options on top ("Search in packages summary/description ...") are there, under the three horizontal lines button (in a popup next to it when you press it), as 2 checkboxes.
Hm...
I think Flatpak needs to rebadge the app "verification" levels as "Official" and "Unverified." "Official" applications are developed or otherwise sanctioned by the application's development group. "Unverified" applications are applications that can't be traced back to the application's development group.
This is reminding me of what Microsoft did with Windows apps, where they push you to only download from their store!
I feel like having used Windows for almost 3 decades might not have been the worst after all. Because it made me cautious about what I install on ANYTHING.
Linux, Windows, Android, doesn't matter, I've learned that NOTHING protects your OS against malware you (unintentionally) invite with open arms.
But Mint's approach with wording will definitely let anyone without this knowledge run into the knife eventually...
I would keep verified but only for actually verified by humans stuff, and add a "made by source" or some other variation of that, to the ones mantained by the original creators/current mantainers.
I wish Flat hub used a different term than "Verified". It has no real meaning for the average user unless you go look it up - and no one does that.
I Have Nothing to Complain about Linux Mint...its a Masterpiece
This one is quite the thing to witness as a new linux user, i don't really know what to make of all this really.
Thankfully i don't install much of anything, like, seriously nothing beyond firefox to browse youtube and steam for my games. I don't do shit else lol
I'm with Linux Mint on this, many unverified flatpaks have broken or insufficient permissions which will give users problems. New users such as those who run Mint won't know what's causing these problems and blame linux as a whole. It's extremely silly to download software without verifying who is distributing it. Just because a problem doesn't exist yet doesn't mean we shouldnt be preventing it.
So it's best people don't even try to install them? i could be wrong but isn't most of flathub still unverified? it's confusing to new people as it is how to install apps on linux and if nothing shows up by default it could make things worse
@@iodreamify Nothing showing up in the software manager is better than something buggy or malicious showing up in the software manager.
I do not use unverifies flatpack, if an app is not available on flatpack , i use the snap version. Of there is no sich version , i will search for the deb. I know the app could be safe , however its one more step that someone has to do , like ssl
Nah. Verification can definitely be considered for security purposes. If you don't download unverified flstpaks, then I can't just impersonate an app to phish your login details for Firefox Sync or Spotify or whatever.
Though is still disagree with mint misappropriating the system, and I think verification is a bad name.
Please reveal where LM have said "verified = safe"
It is heavily implied
So, what you're saying is that snaps are better? /s
Yeah, i am surprised snaps were not mentioned considering they let "wallets" at least twice to be uploaded there by malicious randos. That's literally a vector of attack that Mint thwarts.
(Honestly I would go step further and paint unverified apps with giant red background)
To be fair this is mostly to help prevent my non tech savvy family from downloading trash i need to remove or virus
I'm a non-technical user of Mint, but NOT a new user. Been using it for years. That's a distinction worth bearing in mind: it's not that I don't YET know stuff, it's that I've got other things I'd rather be deep into than Linux technicalities, and I rely on useful sources, such as yours (thank you) to help me sort out what I really need to know to use Linux felicitously.
It sounds presentational, really. So "Verified" is not a guarantee of absence of malware, but no such guarantee is possible, I think? Someone sufficiently motivated and resourced could presumably infiltrate malware into the Microsoft Store (probably starting from Petrograd).
So the question is, for a non-technical user, are they better off sticking to Verified flatpaks? (I actually want to know, and so far I have the impression that the answer is "Yes," to some degree.) And if so, how to present the information? Remembering that non-technical users get MEGO pretty quickly.
A question I'd like the answer to is, which source is least likely to serve up malware: distribution's repo, Verified Flathub, unverified Flathub, random binary, random flatpak? I've got a clue, but I'd like to know the detailed rankings. Or perhaps it's not possible to give more than a general answer, which would be good to know.
Last, I take the point about what happens if flatpaks are not available through the preferred source. The answer might seem to be to say, "VLC is great (for example); we think you should install it from our repository, rather than this unverified flatpak." Given that the Mint package manager now shows traditional packages and flatpaks on the same page, this seems like a reasonable idea? And a way of combatting the erosion of safety measures (some clown will always tear down the fence at the top of the cliff).
Oh, and post-lastly, are there any advantages *for the user* in installing flatpaks? Is the sandboxing of any security benefit, for the user? Any benefits in app updates? I observe on the Mint package manager that typically flatpaks are a more recent version than what's in the distribution's repository, but I come to conclude that that's not necessarily an advantage
The Moral is maybe one of the things I learned in an early part of my experience with computers: don't be an early adopter. Wait for someone else to find the bugs (and now the scams). (And, BTW, never ever install version x.0, and with Microsoft wait for v. 3.1)
this is my preferred t-shirt, ngl
I was always wondering: FlatPak apps are being installed and are running via sandboxed safe environment, which basically acts like a VM'esque instance.
What's the point of being so paranoid, if it's all sanitized automatically by default, thus? Verified/approved/confirmed packages are fine, sure, but...hmmm...
Also, even despite the recent xz fiasco, 99.82% of all malware is aimed at Wangblows, Unix is still very "safe" even today, just as it is by itself, CAV is a meme.
Can you blame Mint?
Mint is trying not to do a Ubuntu and allowing those malware snaps
Well, Canonical fixed that issue :)
@@d3stinYwOw after how long?
They banned the guy, he made another account and uploaded again
@@IIGrayfoxII They fixed it on systemic side ;)
After years and years, sure@@d3stinYwOw
meanwhile I feel safer it the package maintainer explicitly is not the app developer. Why I should trust a random app developer? A package maintainer gives better trust that this app is trusted.
Yes varified should be a thing.
Wait a second, do I read it correctly that one can just go and create a fork of a project which isn't on Flathub, so you have control over it and then just publish it somewhat easily on Flatpak just like that?
What's the point of this?
That's not the case
@@razzeeee ok, but on that case it's really clear
This is why neckbeards shouldn't be allowed to name things
This is not "Verified" and "Unverified", this is "Official software" and "Third-party software"
It's hooking into the already understood verification concept from social media platforms
@@BrodieRobertson and shouldnt we all look to social media platforms as a guiding light :P
But is verified safer than unverified?
👍
should have been called "Official" not "Verified" because official sources can still fk up
Hey maybe there is a reason why trademarks exists
Too many Linux users have a false sense of security in regards to Flatpaks. Honestly Flatpaks should be considered as a more bloated AUR version.
Not supporting reviews or scores for unverified flatpack strikes me as the biggest issue of this change.
Let's say an unverified flatpack (like any other flatpack) is completely broken, or actually malware, how are people using Mint's software manager going to know about it?
This is just hiding at minimum useful, if not absolutely crucial information from users for what reason exactly?
I like to think I'm a pretty tech-savvy guy. I've been using Linux since the days of Red Hat Linux, version 4 or 5 (It was around 1997ish). Still, I would not be above filing a bug report to Linux Mint that flatpaks stopped working. Because I can be an annoying little shit when I want to be.
"Why are you using Linux Mint?" I can hear people ask. "Aren't you a tech-savvy guy who can install Linux From Scratch?" Sure. I can do that. I can compile from source if I have to. I can hand-tailor config files. But I don't want to. I want a Linux that just works the way I want it to without me having to dig into the guts of the system. I'd rather spend my time watching silly RUclips videos and playing Skyrim. Sue me.
Am i wrong saying that SSL means more than traffic been encrypted though? It should also mean that site has gotten certificate from party that my browser/OS trusts, but yea does not mean that the original site has not been compromised, but should make man in the middle impossible (or at least really hard) as far as i understand and should verify that you are talking to "original" site. Doesnt mean that the original shady site isn't trying to bamboozle you.
Agree with Brodle though that wording should be changed, but I think it is perfectly ok to filter our flatpaks that are not from original makers of the app as long as they give option to turn filter off and basically forcing people to read what it means to turn filter off. I am not dissing mint users here, but I think their user base has more users that are new to Linux and would benefit from reading said description. I might add text to search in case there are no results found that says that if you want to search for unverified flatpack, please enable unverified flatpack search, so that people understand there is a filter. Should still read that those are not from orginial developer and as such have higher security risk.
"Verified" doesn't mean "safe" it just means "original/genuine/official".
I can imagine an "verified" software spying on users.
Would be better to make some "bagdes", like "gold", "silver" and "brown".
Gold - official and open source.
Silver - official, but propietary.
Brown - unofficial, but open source.
No badge - unofficial, propietary.
It's wild to me that Brodie thinks non-technical users know they can click the lock and it tells them it's secure. Most people don't know there is a difference between http and https
Can we please get rid of all these ridiculous container-based package managers? Since OpenSuse is a proper distro and can pick and choose what to install before the installer does its thing, I make sure all of the BS including the KDE flatpak store doesn't even touch my hard drive.
No. If Minecraft or steam mod will get inflected again, I don't want them to reach my real file system, my docs, my work folder, my keepass files. We need more separation and sandboxing, not less. In 2002 I used several accounts on windows and it was pita. Containerization is a breeze
i'm going to take the opposite view on this. considering mint is the most noob-specific distro, to where i could give it to my grandma to run and she wouldn't have a problem, letting third parties publish flatpaks of well known apps (like spotify) could bait unknowing users into installing a malicious package with the name of a famous app, or the name of an app that they might be used to using/seeing, which might get them to install it. If they were to find it not working or malicious, they might complain to the first party developer, but since the flatpak isn't theirs, they can't do anything about it.
Also, xz *was* a hostile takeover. just a very long and planned out one.
Mint's move here feels similar to disallowing snap chromium that ubuntu shipped with a while back
This is a case of poor wording, like most PR managers, ironically
Unfortunately, I have to agree that Clem and the Linux Mint team missed this time. I don't agree with this decision because it's basically Windows Vista's UAC or macOS's permissions systems and unfortunately teaches users to just ignore warnings in general.
I hope they listen and at the very least give it until Mint 23 or just can the idea.
2:34 They want to keep Windows user save because we don't know shit what is the diff about many versions of same software and because Flatpak is a fking mess.
Linux Mint and their homeopathic security measures are always a pain 🙄
Proprietary software is fine but a Flatpak with no permission a security risk?
What's worse, their software store doesn't even show what permissions ans licenses the software requests
Before the current LTS version you didn't even have the option to automatically remove old kernels
I think you dont understand the meaning of the verification. Firstly its not only the original but also third parties can get a verified package if the original developers agree. An unverified application means that the developers either dont care dont want the Flatpak to be published. It would not mean ANYTHING if there would be no difference between verified or unverified. We had a lot of cases where people tried to hack projects to distribute malicious code. Actually I was convinced that every flatpak was somehow linked to the original project and I did not realise the existence of verification so far. Or i thought every flatpak is verified. So I think this switch is important. People shpuld seek verification for their packages.
Verification is just poor code signing, and code signing was already a useless hack. This will not make anything any more "secure".
Flatpak is too slow for Minsters. Nothing wrong with that.
Can't see how would you fix this when the language is clear, this whole semantics debate misses the point entirely that all it reffers that it has been check, revised and backed by the distribuitor, if anything bad ever happens you know you have a failsafe who will simply not spoof away into existence which is a sign of trust. The problem with managing 3d party apps is that incase of incurring a failure of security you simply cannot locate this person because they simply will avoid any concequences of the damage at all costs.
Safety is a practice not a garantee, you simply cannot indulge yourself into believing that such safety exist. In the same way as how doctors, electricians and plumbers are also verified by the state does not mean malpractice is immune but you have the levels of safety practices and levels of trust that reduces the chance of ever happening.
If you want to avoid being responsiblity thats fine and all, but concequences of substantial damage isn't a immunity when you are distribuiting goods at a certain scale.
Damage and breaches are innevitable, its how you mitigate those damages as much as possible and gain the trust to adapt and change for better improvement.
I think it's a dumb move by Linux Mint, but I don't use it so whatever I guess
am i wrong for not even liking flatpacks? i just never needed them neither i mean
Mint/cinnamon is a trash gnome rip-off using old code. If you want a traditional desktop just use KDE.
ah yes, unverified sandboxed application is a security risk... /s
Sandbox can be breached using thd permissions system
ngl I think both the "secure" and "verified" are just horrible descriptors. there should at least be a sentence when you hover over the symbol that explains what it actually means.
Sounds like flatpack is the new Windows spyware on Linux. A troy horse in the entry door.
Sounds like verification is pointless if it is that easy to get verified.
Linux Mint doing Linux Mint stuff. They have good intentions, but those are the pavement of the road in hell.