Anyone got any comments on these claims about GNU/Linux security flaws?
@strypey A lot of these vulns require already gaining access, which isn't exactly a trivial matter on many systems. So, assuming you can get in, there is a lot of really bad stuff you can do... It's a big if, and I think the risk for most users is blown out of proportion. With good sandboxing, a lot of the damage an attacker could do could be mitigated significantly. Also, things like tripwire help a lot, but there are ways out of sandboxes and you can alias tripwire.
@tomosaigon if Flatpak is packaged by Debian, then by Ubuntu, then checked for nonfree bits by Trisquel, I'm pretty confident the version of Flatpak distributed through the Trisquel repos has had more independent auditing than any part of Windows, or any nonfree part of MacOS. Now, if the sandboxing Flatpak applies to apps installed using it is flawed, it's still better than none (e.g. AppImage).
@tomosaigon of course not ;) The whole point of tools like Flatpak, AppImage, and Snappy is to route around the auditing done by distros, so desktop (and maybe now mobile) GNU/Linux users can have the latest versions of apps, right now. If they built in sandboxing that's effective in protecting users' systems from the devs of an app (and especially the devs of an app's dependencies), and if that sandboxing is audited by distro package maintainers, that would be a good compro.
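The thread's point is that Flatpak's sandbox only protects a user as far as the permissions an app declares for itself. The following is an added example, not code from any of the posters or from the Flatpak project: it parses the key-file format used in Flatpak metadata (the `[Context]` section that `flatpak info --show-permissions <app-id>` prints, with `shared=`, `sockets=`, `devices=` and `filesystems=` entries) and flags grants that effectively punch through the sandbox. The sample metadata and the risk ranking in `RISKY` are constructed for illustration, not taken from a real app or from Flatpak policy.

```python
"""Audit the sandbox permissions a Flatpak app declares for itself.

Added example (not from the thread or the Flatpak project). Parses the
[Context] section of a Flatpak metadata key-file, as shown by
`flatpak info --show-permissions <app-id>`, and reports grants that give
the app broad reach into the host session. SAMPLE_METADATA is constructed.
"""
import configparser
from typing import Dict, List

# Constructed sample: a hypothetical app asking for broad access.
SAMPLE_METADATA = """\
[Context]
shared=network;ipc;
sockets=x11;wayland;pulseaudio;session-bus;
devices=dri;
filesystems=home;xdg-download;
"""

# Grants that reach well outside the sandbox. Assumption: this ranking is
# one engineer's reading of the risk, not an official Flatpak policy.
RISKY = {
    "shared": {"ipc": "shares the host IPC namespace"},
    "sockets": {
        "x11": "X11 offers no isolation between clients (input and window contents visible)",
        "session-bus": "unfiltered access to the D-Bus session bus",
        "system-bus": "unfiltered access to the D-Bus system bus",
    },
    "devices": {"all": "access to all host devices"},
    "filesystems": {
        "home": "read/write access to the whole home directory",
        "host": "read/write access to the host filesystem",
    },
}


def parse_context(text: str) -> Dict[str, List[str]]:
    """Parse the [Context] section into {key: [value, ...]}.

    Values are ';'-separated lists; a trailing ';' yields an empty item,
    which is dropped. Only '=' is treated as a delimiter so that
    filesystem suffixes such as 'xdg-download:ro' survive intact.
    """
    cp = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    cp.read_string(text)
    if not cp.has_section("Context"):
        return {}
    return {key: [v for v in raw.split(";") if v] for key, raw in cp.items("Context")}


def audit(text: str) -> List[str]:
    """Return human-readable findings for risky grants, in a stable order."""
    ctx = parse_context(text)
    findings = []
    for key in ("shared", "sockets", "devices", "filesystems"):
        for value in ctx.get(key, []):
            # Filesystem entries may carry a :ro / :rw / :create suffix;
            # match on the path part only.
            base = value.split(":", 1)[0] if key == "filesystems" else value
            if base in RISKY.get(key, {}):
                findings.append(f"{key}={value}: {RISKY[key][base]}")
    return findings


if __name__ == "__main__":
    for line in audit(SAMPLE_METADATA):
        print(line)
```

Run against the output of `flatpak info --show-permissions` for an installed app to see which grants a package maintainer would have to justify; a clean result means only that no grant in `RISKY` is present, not that the sandbox itself is sound, which is the separate point made in the thread.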