>With a permission model that apparently can't keep an image editing application from silently editing .bashrc .
It can, you can cut off all filesystem access or select certain areas. The problem is that programs often need special attention to make sure they work properly using flatpak portals. Currently not many devs are interested in doing this work since flatpak is pretty small right now.
So for now we must assume that Gimp built from the official source, is not a malicious program. Like we have for the last 25 years.
Yup, it's a classic catch 22. Sandboxing doesn't really work without developer cooperation. But there's little incentive for developers to work on it in apps that are easy to get outside the sandbox - or when it's easy to get extra permissions in a Flatpak.
It can, you can cut off all filesystem access or select certain areas. The problem is that programs often need special attention to make sure they work properly using flatpak portals. Currently not many devs are interested in doing this work since flatpak is pretty small right now.
So for now we must assume that Gimp built from the official source, is not a malicious program. Like we have for the last 25 years.