The title says it all. Browsed Flathub and saw this fat warning label on the Steam Flatpak. Maybe not the best idea if you want to compete with Canoncial’s Snapstore, but hey, what do I know 🤷

  • wiki_me@lemmy.ml
    link
    fedilink
    English
    arrow-up
    5
    ·
    1 year ago

    This is the warning:

    This software is not developed in the open, so only its developers know how it works. It may be insecure in ways that are hard to detect, and it may change without oversight.

    tbh assuming automatically open source software is more secure is false, At least one link which mentioned studies said that open source probably does not always “outperform” closed source software in term of security.

    The relative security of open source software has been examined repeatedly by researchers since the early 2000s. Open source software contains no more flaws on average than proprietary software. In some cases, it may have fewer vulnerabilities.

    Some might argue that having a paid team means better security, So i don’t know if the warning about security is really justified, and it might give people a bad impression about flathub (that it is being dogmatic), at least link to some page providing a more detailed explanation would be better (and might prevent new FOSS users from getting a false sense of security).

    • RandoCalrandian@kbin.social
      link
      fedilink
      arrow-up
      1
      ·
      1 year ago

      No one claimed it was more secure

      They claimed that if you needed to vett it for specific vulnerabilities, you were capable of doing so

      And the song and dance about “open source isn’t more secure” is meaningless, as you don’t care about security the same way in all applications, and the ones trivial enough not to care about are going to be by and large open source

      (Assuming their data collection methods were even adequate, as by definition they could only vett the open source half of the claim. We know for a fact that proprietary software routinely buries or hides vulnerabilities unless forced to do otherwise)