Flatpak considered harmful?

I was seriously considering installing EndlessOS on an old PC, but after reading an alarming article I found on Hacker News I’m now recalcitrant. Apparently Flatpak, the sole package manager for EndlessOS, is wildly insecure? Is this true? Is anything being done about it?

https://github.com/flathub/flathub/issues/670

We agree with Alex Larsson’s comments on that thread.

I also wrote a blog post about the wider topic of “Why Flatpak” and how real these security concerns are - https://ramcq.net/2018/10/15/flatpak-sandbox-security/
