It matters as the security rating is based on that, apps like KDE System Settings or Flatseal show that etc.
I agree that asking for permissions is better.
Placing an override in ~/.local/share/flatpak/overrides/global would be an easy workaround.
Desktops could implement dialogs that use the currently preset permissions.
Having a sandbox that is optional for the developer rather goes against the point of a sandbox, don’t you think?
No, these are defined, enumerated holes in a sandbox. Without a sandbox you need to monitor the behaviour yourself or other things.
This is the only good working GUI sandbox I know.
half of the apps on Flathub right now just wouldn’t work because they don’t support the filesystem portal.
Important point here:
the portal should allow static permissions too
apps that don't support portals would also not support asking for permissions, natively. A workaround could be done, using D-Bus, and asking for everything when the app is launched the first time, BUT
Linux has a tiny market share
flatpaks are not the only ones
people don't care about security that much (look at my survey, I will post an evaluation soon)
permissions on Linux are more complex than on the actively restricted Android. External media, devices, filesystems etc
HTTPS-only mode (which I think should be the default)
I should open a bug about this. It can't be that this is not default, it works well and I agree on the style of implementation.
But this would also need apps to have that mechanism. A LibreOffice will just say “file doesn't exist” currently.
let them focus on the really important packages
That's why I like Fedora Atomic. The core is as small as possible, the apps are just base stuff or upstream stuff like the Desktop. Everything else is a Flatpak.
It is so much more secure.
RHEL / CentOS has different repos for core and extras. More distros will do that