How is it possible, that Signal still only provides a .deb package and no .rpm, or even better AppImage or Flatpak? There is an unofficial Flatpak but is it secure?

  • HoornseBakfiets@feddit.nl
    link
    fedilink
    arrow-up
    10
    ·
    5 months ago

    Personally I don’t understand the large warnings on flatpaks built by others, by that logic you should get a warning sign each time you download from the Ubuntu community apt repository.

    OSS is built out of love, and to me this warns guilty before proven innocent.

    • theorangeninja@lemmy.todayOP
      link
      fedilink
      arrow-up
      9
      ·
      5 months ago

      Well I think you have to distinguish between a messenger and other programms, because a messenger has a lot of sensitive data.

    • t3rmit3@beehaw.org
      link
      fedilink
      arrow-up
      6
      ·
      edit-2
      5 months ago

      Just because something is built out of love does not make it safe, and attestation is about safety. You wouldn’t trust an un-attested surgical device, just because there’s a really positive community around its design.

      Signal is a life-or-death app for some people.

      • Successful_Try543@feddit.de
        link
        fedilink
        arrow-up
        1
        ·
        5 months ago

        The ‘appstore’ of some distributions, e.g. Linux Mint, displays a warning or hint for unofficial flatpaks. In Mint the display of unofficial flatpaks are toggled off by default and there is a warning or recommendation displayed against toggling on.