• million@lemmy.world
    link
    fedilink
    English
    arrow-up
    62
    ·
    edit-2
    8 months ago

    This is a good step but I still feel like it’s pretty obscure where a package is actually coming from. “by Google” or for the Steam package “by Valve” is really confusing and makes it sounds like it’s coming directly from the company. Unverified tells the user to pay attention but there is no hover over to say what it actually means.

    • conorab@lemmy.conorab.com
      link
      fedilink
      arrow-up
      63
      ·
      8 months ago

      Wait… so the author displayed in “by <author>” is the supposed author of the software, not the one that put it on the store? That’s insane! Also sounds like you’d be open to massive liability since the reputation of the software author will be damaged if somebody publishes malware under their name.

      It should be:

      • Developed by: <author of software>
      • Uploaded by: <entity who uploaded to store>
    • Pantherina@feddit.de
      link
      fedilink
      arrow-up
      7
      ·
      8 months ago

      Also maaany packages direct to issuetrackers of projects not supporting that flatpak.

      If someone knows where that flathub metadata is stored I would love to know, as the manifest is not it. I would like to fix those to link to their own bugtrackers