Am I the only one who sees the irony in it being a scandal for free software to fail to adequately restrict freedom? I just can't imagine an iPhone-style restrictions model ever gaining momentum in open source. As much of a prize as an App Store would be, it's just too at odds with the culture. I think what makes more sense for open source is to have better tools for monitoring what it's doing. The behavior of some of these programs with things like DNS is like the Hunger Games, and you can't trust the system to save you with a top-down permissions model when the system itself is the problem.
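As an added illustration of the "monitor what it's doing" idea for DNS specifically (this is example code written for this thread, not from any commenter): a small monitor that parses the question name out of raw DNS query packets and flags lookups that fall outside a per-application allowlist. The sample packets are constructed inline, and `APP_ALLOWLIST` is a hypothetical policy for an imaginary application; the parser also rejects the malformed inputs a monitor sees in practice (truncated packets, compression pointers in the question).

```python
"""Flag DNS lookups an application makes outside an expected set of domains.

Added example for this thread, not code from any post. Packets below are
constructed inline and APP_ALLOWLIST is a hypothetical per-app policy."""
import struct


def encode_name(name):
    """Encode a dotted hostname in DNS label format (RFC 1035, section 3.1)."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) < 64:
            raise ValueError("bad label length in %r" % name)
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def build_query(txid, name, qtype=1):
    """Build a minimal standard query: one question, recursion desired, A record."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, 1)


def parse_question_name(packet):
    """Return the lower-cased QNAME of the first question in a DNS message.

    Raises ValueError on the failure modes a monitor meets on hostile input:
    truncated header or labels, and compression pointers (not valid in a
    question name, and a classic way to make naive parsers loop)."""
    if len(packet) < 12:
        raise ValueError("truncated DNS header")
    qdcount = struct.unpack("!H", packet[4:6])[0]
    if qdcount == 0:
        raise ValueError("no question section")
    pos, labels = 12, []
    while True:
        if pos >= len(packet):
            raise ValueError("truncated question name")
        length = packet[pos]
        if length == 0:
            break
        if length & 0xC0:  # 0xC0 marks a pointer; also covers over-long labels
            raise ValueError("compression pointer in question name")
        pos += 1
        if pos + length > len(packet):
            raise ValueError("truncated label")
        labels.append(packet[pos:pos + length].decode("ascii", errors="replace"))
        pos += length
    return ".".join(labels).lower()


def in_allowlist(name, allowed):
    """True if name is one of the allowed domains or a subdomain of one."""
    return any(name == d or name.endswith("." + d) for d in allowed)


def audit_queries(packets, allowed):
    """Classify each packet's query name; returns (allowed, flagged, malformed_count)."""
    ok, flagged, malformed = [], [], 0
    for pkt in packets:
        try:
            name = parse_question_name(pkt)
        except ValueError:
            malformed += 1
            continue
        (ok if in_allowlist(name, allowed) else flagged).append(name)
    return ok, flagged, malformed


# Hypothetical policy: the domains this application is expected to resolve.
APP_ALLOWLIST = {"updates.example.com", "api.example.com"}

# Constructed sample traffic: two expected lookups, one unexpected one,
# and a truncated packet as a malformed-input case.
SAMPLE_PACKETS = [
    build_query(0x1001, "updates.example.com"),
    build_query(0x1002, "cdn.api.example.com"),
    build_query(0x1003, "telemetry.example.net"),
    build_query(0x1004, "api.example.com")[:20],
]

if __name__ == "__main__":
    ok, flagged, malformed = audit_queries(SAMPLE_PACKETS, APP_ALLOWLIST)
    print("allowed:  ", ok)
    print("flagged:  ", flagged)
    print("malformed:", malformed)
```

In real use the packets would come from a capture of the sandboxed process's UDP/53 traffic rather than from `SAMPLE_PACKETS`; the point of the allowlist check is that it works from observed behaviour, so it still helps when the permission model around the application is not something you trust.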
Security and open source philosophy are two completely orthogonal problems. You can have an open source system that is the most secure, sandboxed implementation there is. Likewise, you can have a completely insecure closed source proprietary system.
The freedom in open source could be the freedom to structure your system in the most secure way possible for running untrusted applications. It's just that no one has managed to achieve this yet in a satisfying way.
Not entirely. A few months ago I was reading about a controversy where the Emacs dev team was concerned about the ethics of conducting an online survey. Can you believe that? That's why I like using their software. You just know people who are that extreme philosophically will never in a million years betray you.
Don't you think tools like Bochs, QEMU, gVisor, etc. are reasonably satisfying? Security is a hard problem since there's an endless push and shove around its tradeoffs, which is why sometimes the best one can afford is monitoring.
I see flatpak and snap as potential solutions to the problem of distributing proprietary software to Linux. It's in that use case that I really want sandboxing and where the current solutions are lacking.
Right now I'm most happy with Firejail for sandboxing proprietary applications. It doesn't solve the packaging problem, but it seems to do the best job at actually limiting what applications can do.