I was seriously considering installing EndlessOS on an old PC but after reading an alarming article I found on Hacker News I’m now I’m recalcitrant. Apparently Flatpak, the sole package manager for EndlessOS, is wildly insecure? Is this true? Is anything being done about it?
We agree with Alex Larsson’s comments on that thread.
I also wrote a blog post about the wider topic of “Why Flatpak” and how real these security concerns are - https://ramcq.net/2018/10/15/flatpak-sandbox-security/