Also, a backdoor in this particular program can steal your PGP keys.
Now you can make that decision. Evolution is also available from the Debian and Arch (and others) repos without sandboxing, if you’d prefer it to have access your whole system.
You can also remove those permissions with the Flatpak cli, or Flatseal.
It’s in no way like Android where “OpenKeychain” were forced to define a protocol and now reading a key prompts the user.
I don’t see why this couldn’t be done with Secret Service, just no one does so no one expects it. You should email one of the mailing lists for GnuPG if this bothers you though.
Oh, and one of the few dozen local privilege escalations found by AI in the mountains of trash of our great kernel completely negate all of this.
Well yeah, sandboxing/containers/namespaces were never guaranteed to be fully isolated, there’s a reason all the cloud companies settled on VMs over containers. It’s just one line of defence that you otherwise wouldn’t have.
Again, you seem to be missing the point. Nobody would be “removing permissions with xyz tool”. People are told something is safe, therefore it must be safe. If it’s not then it’s not. And again with PGP, one example how a “simple user” could have PGP keys is if they use PGP email at work. Management != tech people, so container must equal safe in ooga booga brains. Keys get stolen because of supply chain (remember that library updates are separate and slower for flatpak). Container must equal safe, so everyone disregards what was written about XYZ program and the one to blame becomes the simple office worker*, another victim of capitalism*. Or the IT guy. My point is, marketing wrong.
The screenshot earlier in the thread clearly said “Evolution is potentially unsafe”, so if the user continues to install it then that’s a risk they took on themselves
Now you can make that decision. Evolution is also available from the Debian and Arch (and others) repos without sandboxing, if you’d prefer it to have access your whole system.
You can also remove those permissions with the Flatpak cli, or Flatseal.
I don’t see why this couldn’t be done with Secret Service, just no one does so no one expects it. You should email one of the mailing lists for GnuPG if this bothers you though.
Well yeah, sandboxing/containers/namespaces were never guaranteed to be fully isolated, there’s a reason all the cloud companies settled on VMs over containers. It’s just one line of defence that you otherwise wouldn’t have.
Again, you seem to be missing the point. Nobody would be “removing permissions with xyz tool”. People are told something is safe, therefore it must be safe. If it’s not then it’s not. And again with PGP, one example how a “simple user” could have PGP keys is if they use PGP email at work. Management != tech people, so container must equal safe in ooga booga brains. Keys get stolen because of supply chain (remember that library updates are separate and slower for flatpak). Container must equal safe, so everyone disregards what was written about XYZ program and the one to blame becomes the simple office worker*
, another victim of capitalism*. Or the IT guy. My point is, marketing wrong.The screenshot earlier in the thread clearly said “Evolution is potentially unsafe”, so if the user continues to install it then that’s a risk they took on themselves