52
Signal on Linux (lemmy.today)
submitted 2 weeks ago by theorangeninja@lemmy.today to c/foss@beehaw.org
55 comments fedilink hide all child comments

How is it possible, that Signal still only provides a .deb package and no .rpm, or even better AppImage or Flatpak? There is an unofficial Flatpak but is it secure?

you are viewing a single comment's thread
view the rest of the comments
[-] HoornseBakfiets@feddit.nl 22 points 2 weeks ago* (last edited 2 weeks ago)

As a maintainer of another unofficial flatpak:

You can always check the source code of the flatpak (code that downloads the dev then runs it inside the flatpak sandbox) here: https://github.com/flathub/org.signal.Signal

Any of the current maintainers could add malicious code, but that would ruin their GitHub & by proxy:Twitter,LinkedIn credibility.

Flathub have final say on what is built and hosted on their flatpak repository (Flathub != Flatpak) and are able to remove versions at will.

[-] HoornseBakfiets@feddit.nl 10 points 2 weeks ago

Personally I don’t understand the large warnings on flatpaks built by others, by that logic you should get a warning sign each time you download from the Ubuntu community apt repository.

OSS is built out of love, and to me this warns guilty before proven innocent.

[-] theorangeninja@lemmy.today 9 points 2 weeks ago

Well I think you have to distinguish between a messenger and other programms, because a messenger has a lot of sensitive data.

load more comments (3 replies)
load more comments (6 replies)
this post was submitted on 16 Jun 2024
52 points (100.0% liked)

Free and Open Source Software

17480 readers
109 users here now

If it's free and open source and it's also software, it can be discussed here. Subcommunity of Technology.

This community's icon was made by Aaron Schneider, under the CC-BY-NC-SA 4.0 license.

founded 2 years ago
MODERATORS
Gaywallet@beehaw.org
alyaza@beehaw.org