I usually trust my distro repos without checking. Can the same be applied to flathub without much worry?

  • @RegalPotoo
    181 year ago

    They aren’t inherently safe. I don’t have any examples of Flatpak packages off FlatHub being poisoned, but FlatHub does allow “community” maintained packages - as in, someone unaffiliated with the development team of an app packages and publishes the app to FlatHub. That would seem to be a really good place to get into a supply chain if you were a bad actor.
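One practical check before installing a community-maintained package is to look at the sandbox permissions it ships with, since a package that asks for host filesystem access, an unfiltered session bus, or the `org.freedesktop.Flatpak` portal can reach well outside its sandbox. The script below is an added example and is not from this thread or the Flatpak project; it parses the INI-style output of `flatpak info --show-permissions <app-id>` (or `flatpak remote-info --show-metadata flathub <app-id>` for a package you have not installed yet) and flags the broad grants. The sample input is constructed for the example, and `org.example.CommunityApp` is a hypothetical app id.

```shell
#!/bin/sh
# Added example: flag broad sandbox grants in Flatpak permission metadata.
# Feed it the output of `flatpak info --show-permissions <app-id>`; here a
# constructed sample stands in so the script runs offline.

# Constructed sample in the format flatpak prints for its [Context] and
# [Session Bus Policy] sections (hypothetical app id).
SAMPLE_PERMISSIONS='[Application]
name=org.example.CommunityApp
runtime=org.freedesktop.Platform/x86_64/23.08

[Context]
shared=network;ipc;
sockets=x11;wayland;pulseaudio;session-bus;
devices=dri;
filesystems=host;

[Session Bus Policy]
org.freedesktop.Flatpak=talk'

# Reads permission metadata on stdin and prints one line per broad grant.
# Ordinary grants such as shared=network or devices=dri are left alone.
audit_permissions() {
    while IFS= read -r line; do
        case "$line" in
            filesystems=*host*|filesystems=*home*)
                echo "broad filesystem access: $line" ;;
            sockets=*session-bus*|sockets=*system-bus*)
                echo "unfiltered D-Bus access: $line" ;;
            devices=*all*)
                echo "access to all devices: $line" ;;
            *org.freedesktop.Flatpak=*)
                echo "can run commands on the host via the Flatpak portal: $line" ;;
        esac
    done
}

# Number of broad grants found in the constructed sample.
count_broad_grants() {
    printf '%s\n' "$SAMPLE_PERMISSIONS" | audit_permissions | grep -c . || true
}

# Stand-alone run: list the findings, then the total.
printf '%s\n' "$SAMPLE_PERMISSIONS" | audit_permissions
echo "broad grants: $(count_broad_grants)"
```

On a real system replace the sample with `flatpak info --show-permissions org.example.CommunityApp | audit_permissions`. A hit is not proof of anything malicious (many apps legitimately need `filesystems=host`), but for a package maintained by someone outside the upstream project it is the point at which checking who maintains the Flathub manifest is worth the minute it takes.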