
Is there a security comparison somewhere of all the newfangled ways of getting up-to-date desktop software on Linux? Snaps etc. too?

I suppose the real answer may always have been backports on Debian distros - which is to say, trusted sources over technical solutions.




> which is to say, trusted sources over technical solutions

This does not solve the problem where your PDF reader from a trusted repository happens to have a zero-day exploit. When it is exploited, the attacker could have access to all your files, since there are no further limitations unless you bubblewrap or firejail the application yourself.

Since sandboxing is one of the goals of Flatpak, the exploit would be limited to the sandbox (if sandboxing was enabled for the PDF reader).


It doesn't solve that problem, but it does provide a channel that is likely to receive an update in most distributions. It would be nice to not have to choose between sandboxing and security updates, though.


I agree, but nobody seems to be really working on (user-friendly) sandboxing of applications distributed through traditional package managers.

You can use Firejail or bubblewrap, but they are not exactly user-friendly solutions.


Spot on.
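
For reference, the kind of manual bubblewrap setup the comments above describe, as an added example that is not part of the thread. It assumes a merged-/usr distro layout, an optional Wayland session, and `zathura` as a stand-in viewer name; the function name and `DRY_RUN` switch are hypothetical.

```shell
#!/bin/sh
# Added example: confine a PDF viewer with bubblewrap (bwrap).
# Assumptions (not from the thread): a merged-/usr distro layout, an optional
# Wayland session, and "zathura" as a stand-in viewer name.

# Usage: pdf_sandbox FILE [VIEWER]    (DRY_RUN=1 prints the argv, one per line)
pdf_sandbox() {
    local pdf viewer
    pdf=$(realpath -- "$1") || return 1
    [ -f "$pdf" ] || { echo "not a regular file: $pdf" >&2; return 1; }
    viewer=${2:-zathura}

    # Fresh namespaces (including network, so no network access), die with the
    # launcher, new terminal session (setsid), empty environment.
    set -- bwrap --unshare-all --die-with-parent --new-session --clearenv \
        --setenv PATH /usr/bin --setenv HOME /home/sandbox

    # System files read-only; /bin and /lib* are symlinks on merged-/usr systems.
    set -- "$@" --ro-bind /usr /usr --symlink usr/bin /bin \
        --symlink usr/lib /lib --symlink usr/lib64 /lib64 \
        --ro-bind-try /etc/fonts /etc/fonts

    # Private /proc, minimal /dev, throwaway /tmp and an empty home directory:
    # the real $HOME is never mounted, so an exploited viewer cannot read it.
    set -- "$@" --proc /proc --dev /dev --tmpfs /tmp --tmpfs /home/sandbox

    # The one document the user asked for, read-only, at a fixed path.
    set -- "$@" --ro-bind "$pdf" /doc/input.pdf

    # Pass through only the Wayland socket when there is one.
    if [ -n "${WAYLAND_DISPLAY:-}" ] && [ -S "${XDG_RUNTIME_DIR:-}/$WAYLAND_DISPLAY" ]; then
        set -- "$@" --ro-bind "$XDG_RUNTIME_DIR/$WAYLAND_DISPLAY" /run/sandbox/wayland-0 \
            --setenv XDG_RUNTIME_DIR /run/sandbox --setenv WAYLAND_DISPLAY wayland-0
    fi

    set -- "$@" "$viewer" /doc/input.pdf
    if [ "${DRY_RUN:-0}" = 1 ]; then printf '%s\n' "$@"; else "$@"; fi
}
```

Running `DRY_RUN=1 pdf_sandbox report.pdf` prints the full argument list, which makes the usability complaint concrete: every path the viewer needs has to be enumerated by hand.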



