Imagine your friend that does not know anything about linux, don’t you think this would make them not install the firefox flatpak and potentially think that linux is unsafe?

I ask this because I believe we must be careful and make small changes to welcome new users in the future, we have to make them as much comfortable as possible when experimenting with a new O.S

I believe this warning could have a less alarming design, saying something like “This app can use elevated permissions. What does this mean?” with the “What does this mean?” text as a clickable URL that shows the user that this may cause security risks. I mean, is kind of a contradiction to have “verified” on the app and a red warning saying “Potentially unsafe”, the user will think “well, should I trust this or not??”

  • SavvyWolf@pawb.socialEnglish
    2·
    3 months ago

    I like flatpaks and flathub, but this is just something they do badly. I think as well they also have “probably safe” which is just as unhelpful… And what does “access certain files and folders” even mean!?

    I think they should just follow the example of every other app store; list the permissions in an easily understandable list and let the user decide whether or not they are comfortable with it.

    • federino@programming.devOP
      1·
      3 months ago

      I think they should just follow the example of every other app store; list the permissions in an easily understandable list and let the user decide whether or not they are comfortable with it.

      Totally agree. The “verified” label will give new users enough comfort, and the ones who wish to know more will read the permissions.

  • KindaABigDyl@programming.dev
    1·
    3 months ago

    They should be worried. We don’t want them comfortable.

    So many negative things have entered our culture bc people don’t care about dangers. Nearly every app should have a warning

    • AeonFelis@lemmy.worldEnglish
      1·
      3 months ago

      Nearly every app should have a warning

      No. If you put a warning on every app (except for the most trivial ones that don’t actually do anything useful) then the warnings mean nothing. The become something more than ass-covering legal(ish) BS.

        • AeonFelis@lemmy.worldEnglish
          1·
          3 months ago

          What do you mean by “improving”? This alarming warning appears because Firefox requires permissions. Let us look at the permissions listed there:

          1. “User device access”. From the docs, I’d say the browser needs it for rendering?
          2. “Download folder read/write access”. This one is obvious - the files you download with your browser go there.
          3. “Can access some specific files”. This one, I’ll admit, is a bit cryptic - what files does it need to access? But this one is on Flatpak for making the permission so general.

          App permissions should not be about “this app cannot be trusted because it asks for scary scary permissions”. They should be about “take a look at the list of permissions the app requests and determine whether or not it make sense for such an app to need such permissions”.

  • bloodfart@lemmy.ml
    0·
    3 months ago

    Good.

    People need to view out of channel software with a hairy eyeball.

    Hell, I run Debian all over and it’s absurd that the main repositories don’t do checksums on downloaded packages!

      • bloodfart@lemmy.ml
        0·
        3 months ago

        yeah apt just trusts the server if it properly identifies itself

        the barrier to entry for attacking that seems pretty high though

        if that freaks you out, switch to a rhel derivative, they got a shiny progress bar

  • brochard@lemmy.world
    0·
    3 months ago

    In my opinion, those warnings are not used to help users but to shame developpers for not trully sandboxing and verifying their apps. Developpers know that having this warning will decrease the number of users downloading it. The goal in the long run is to improve app sandboxing and security.

    • MonkderDritte@feddit.de
      1·
      3 months ago

      By not letting the user import/export addon settings, bookmarks?

      Btw, i hate the opinion that the dev must babysit his users. It makes software worse, not better, look at Firefox’s profille folder for an example. If you have to, make an intro to train them.

  • PlantPowerPhysicist@discuss.tchncs.de
    0·
    3 months ago

    In defense of this warning, when I first put my application on Flathub, I had it because of how file i/o worked (didn’t support XDG portals, so needed home folder access to save properly). It did actually motivate me to get things working with portals to not request the extra permissions and get the green “safe” marker.

    A lot of apps will always be “unsafe” because they do things that requires hardware access, though, so I could see them wanting something more nuanced.