IIRC Discover on KDE also tells you on the update list. But only somewhere in the list of updates - theres no explicit dialog warning you of changes/new permissions
Only downside: Initially the creator of a Flatpack defines how it is sandboxed. For Steam it’s rather permissive. It’s not like on mobile where you get asked for permission for everything potentially dangerous/privacy invading, but rather like the earlier days on mobile where you install a Flatpack and implicitly allow all permissions it wants.
An update might change the permissions or introduce new ones. You can use tools like Flatseal to change the permissions of installed Flatpack apps, but keep in mind that those changes will probably be gone after the next update and can introduce problems.
In the end, sandboxing something like Steam is hard, as you not only need to think about Steam’s permissions, but also any game you might run from it…
Every program ideally should be in a sandbox and if it wants permission to access something it should have to ask for it.
Kind of like Android or iOS.
Flatpak tries to accomplish this on Desktop, and it works, but isn’t as comprehensive as something like Android or iOS.
On the extreme side, there is QubesOS, which runs every app in a dedicated virtual machine, including the networking stack.
Flatpak also doesn’t ask for permissions. If an app requires a new one does it just add it upon update?
I believe so.
I think either Bazaar or GNOME software center does tell you if an app asks for more permissions, I forgot which one though
GNOME Software. That’s not what I’m concerned about though.
IIRC Discover on KDE also tells you on the update list. But only somewhere in the list of updates - theres no explicit dialog warning you of changes/new permissions
Is that what proton does on Linux?
No, that’s just to make Windows programs/games run on Linux. But you can e.g. use the Flatpack version of Steam to Sandbox Steam and its games (https://docs.flatpak.org/en/latest/sandbox-permissions.html)
thanks, i didn’t know that! i’ll keep it in mind.
Only downside: Initially the creator of a Flatpack defines how it is sandboxed. For Steam it’s rather permissive. It’s not like on mobile where you get asked for permission for everything potentially dangerous/privacy invading, but rather like the earlier days on mobile where you install a Flatpack and implicitly allow all permissions it wants.
An update might change the permissions or introduce new ones. You can use tools like Flatseal to change the permissions of installed Flatpack apps, but keep in mind that those changes will probably be gone after the next update and can introduce problems.
In the end, sandboxing something like Steam is hard, as you not only need to think about Steam’s permissions, but also any game you might run from it…