Except now you dont need to worry about outdated software even on a super stable base. You get proper permission control and a mispackaged app cannot break the entire system.
Because permission control is what most people expect on phone application, which is another way linux has great default UX that is similar to what happens on phones.
Finally, I don’t think a mispackaged app is supposed to be able to break out of the application sandbox, unless some bug is exploited.
Unless you are referring to the fact that some app are packaged with overly-permissive default permissions. But most people can change the default permission, and only grant permissions that makes sense.
Finally, I don’t think a mispackaged app is supposed to be able to break out of the application sandbox, unless some bug is exploited.
At least one of mentioned formats(AppImage) is regular executable. There is no need to break out of sandboxing when maintainer didn’t put it in sandbox in the first place.
Anyway, mainline distros have selinux or apparmor profiles. Sanboxing exists outside of three yet another “universal” package formats.
But most people can change the default permission, and only grant permissions that makes sense.
Except now you dont need to worry about outdated software even on a super stable base. You get proper permission control and a mispackaged app cannot break the entire system.
How did this come up in discussion?
Anyway. Mispackaged app may also include broken permission control.
Because permission control is what most people expect on phone application, which is another way linux has great default UX that is similar to what happens on phones.
Finally, I don’t think a mispackaged app is supposed to be able to break out of the application sandbox, unless some bug is exploited.
Unless you are referring to the fact that some app are packaged with overly-permissive default permissions. But most people can change the default permission, and only grant permissions that makes sense.
At least one of mentioned formats(AppImage) is regular executable. There is no need to break out of sandboxing when maintainer didn’t put it in sandbox in the first place.
Anyway, mainline distros have selinux or apparmor profiles. Sanboxing exists outside of three yet another “universal” package formats.
You mean people who package or end users?
I mean user can manage permissions to override the default, like apps on other platforms.
Basically how it is and was before mega-binaries.