186
Fedora threatened with legal action from OBS Studio due to their Flatpak packaging
(www.gamingonlinux.com)
this post was submitted on 15 Feb 2025
186 points (98.4% liked)
Linux
7242 readers
381 users here now
A community for everything relating to the GNU/Linux operating system
Also check out:
Original icon base courtesy of lewing@isc.tamu.edu and The GIMP
founded 2 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Source?
flatpak build-sign, is what I can find in the documentation.
This seems to be blatant misinformation.
The default seems to require a gpg signature. It can be disabled for a remote with
--no-gpg-verify, but the default for installing and building definitely requires a signature.You keep talking about the docs, so please show me where is says that in the Flatpak Documentation.
You accused flatpak of being insecure. The burden to prove that is totally on you.
You have not provided a single link.
I'm am no expert on flatpak and just did some basic searching.
From reading the command reference it seems GPG-Verification is enabled for each remote and can't be disabled/enabled for each install. I can just find some issues where gpg verification fails
Documentation seems to be more user oriented and not developer oriented maybe someone more knowledgeble can go in the source code and tell us how it actually works.
So you linked to apt.
I guess good for anyone who finds this interesting…
But more on topic here is is a link to answer from 2020 from an flatpak maintainer:
You are not arguing in good faith.
I have linked multiple times to the docs and to the GitHub repository of flatpak.
Now how about you link to something useful in the docs that proves your point or maybe just a random article as source to your misinformation.