Re: a two cent suggestion

To: Hakan Bayındır <hakan@bayindir.org>
Cc: debian-user@lists.debian.org
Subject: Re: a two cent suggestion
From: Dan Ritter <dsr@randomstring.org>
Date: Thu, 1 Dec 2022 08:51:45 -0500
Message-id: <[🔎] 20221201135145.a7j5y7gv75cxqw5n@randomstring.org>
In-reply-to: <[🔎] fdf09bb3-d87a-ce6a-cef8-8ec017585731@bayindir.org>
References: <CAGKjw9+AJsqGM3uRRyfg+C+L3qgSOXecLcQcGoncabRksDRR=A@mail.gmail.com> <[🔎] 30b07d7db29fd6c494699edf77438c9b480f1b5e.camel@debian.org> <[🔎] fdf09bb3-d87a-ce6a-cef8-8ec017585731@bayindir.org>

Hakan Bayındır wrote: 
> 
> 
> I think AppImages are great (from my perspective) for allowing people to run
> whatever they want on their systems, without getting root privileges and
> having a sandboxed, hermetically sealed application with batteries included.

If they actually did that, it would be great.

* sandboxing is optional (and in the control of the developer,
  not the user)

* integrity is not assured

* authenticity is not assured

* no source is trustable

The only thing that AppImage gets you is dependency assurance...
which is itself problematic if the dependencies have security or
functionality issues. Faced with a malicious source, users are 
completely helpless.

-dsr-

Reply to:

References:
- Re: a two cent suggestion
  - From: Paul Wise <pabs@debian.org>
- Re: a two cent suggestion
  - From: Hakan Bayındır <hakan@bayindir.org>

Prev by Date: Re: a two cent suggestion
Next by Date: Debian wiki update: ask for review
Previous by thread: Re: a two cent suggestion
Next by thread: Monthly FAQ for Debian-user mailing lists [No updates November 2022]
Index(es):
- Date
- Thread