> Can you elaborate? What security issues?
> Could installing runtime X subvert runtime Y used by other apps, e.g.
> by claiming that X is an update for Y? In that case I'd expect that
> GPG keys have to match, or something like that.
Yeah, the app requires the runtime X, which is not installed, and adds a
remote to install it, but the remote could also contain a malicious
version of the runtime Y, which is already installed and used by other
apps, and the malicious version overrides it as an update. Then other
apps get infected.
I think all that matters is runtime ID and version; AFAIK GPG only
checks whether the runtime comes from the remote it claims it does.
Yes, there could be a safety catch that would prevent updating the
runtime from a different remote than the original one.
I think this is quite essential to have. It would allow automatic runtime installation
without any questions asked, which is something I expected (or at least hoped for) from
Flatpak. I want to download a file and double-click on it. I don't want to decide
whether remote X needed for runtime Y is trustworthy or not. The user should not even know
what a runtime is, it should be completely transparent :)
I'm no security expert, but in my naive world it shouldn't be too hard to make sure
that remotes can't supply updates for runtimes from other remotes, using digital
signatures.
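The "safety catch" discussed in this thread, modelled as an added example (this is not flatpak's code or design, just an illustration of the policy): every installed runtime records the remote it was first installed from, and a later deploy of the same runtime ID is accepted only if it is correctly signed by that pinned origin remote. A per-remote HMAC-SHA256 secret stands in for the remote's GPG key; like GPG in the thread, it only proves a ref came from the remote it claims to come from. The remote names, runtime IDs, keys and payloads are all constructed for the example.

```python
"""Origin pinning for runtime updates (constructed example, not flatpak code).
HMAC with a per-remote secret stands in for the per-remote GPG signature."""
import hashlib
import hmac
from dataclasses import dataclass


class PolicyViolation(Exception):
    """Raised when a deploy fails the signature or origin check."""


@dataclass(frozen=True)
class Installed:
    version: str
    origin: str  # remote the runtime was first installed from (pinned)


def version_key(version: str) -> tuple[int, ...]:
    """Compare '1.10' > '1.9' numerically rather than lexically."""
    return tuple(int(part) for part in version.split("."))


def sign(remote_key: bytes, runtime_id: str, version: str, payload: bytes) -> bytes:
    """Stand-in for the remote signing a ref with its GPG key (assumption)."""
    msg = b"\0".join([runtime_id.encode(), version.encode(), payload])
    return hmac.new(remote_key, msg, hashlib.sha256).digest()


class Installation:
    """Local state: configured remotes (name -> key) and deployed runtimes."""

    def __init__(self) -> None:
        self.remote_keys: dict[str, bytes] = {}
        self.installed: dict[str, Installed] = {}

    def add_remote(self, name: str, key: bytes) -> None:
        self.remote_keys[name] = key

    def deploy(self, remote: str, runtime_id: str, version: str,
               payload: bytes, signature: bytes) -> Installed:
        key = self.remote_keys.get(remote)
        if key is None:
            raise PolicyViolation(f"unknown remote {remote!r}")
        # Check 1 (what the signature gives you): the ref really comes from `remote`.
        expected = sign(key, runtime_id, version, payload)
        if not hmac.compare_digest(expected, signature):
            raise PolicyViolation(f"bad signature on {runtime_id} from {remote!r}")
        current = self.installed.get(runtime_id)
        if current is None:
            origin = remote  # first install: pin the origin
        else:
            # Check 2 (the safety catch): updates only from the pinned origin.
            if current.origin != remote:
                raise PolicyViolation(f"{runtime_id} came from {current.origin!r}; "
                                      f"refusing update from {remote!r}")
            if version_key(version) < version_key(current.version):
                raise PolicyViolation(f"downgrade of {runtime_id} refused")
            origin = current.origin
        self.installed[runtime_id] = Installed(version, origin)
        return self.installed[runtime_id]


UPSTREAM_KEY = b"upstream-secret"      # constructed keys, not real ones
THIRDPARTY_KEY = b"thirdparty-secret"


def scenario() -> dict[str, bool]:
    """Replay the attack from the thread and report which checks held."""
    inst = Installation()
    inst.add_remote("upstream", UPSTREAM_KEY)
    inst.deploy("upstream", "org.example.Platform", "1.0", b"platform-1.0",
                sign(UPSTREAM_KEY, "org.example.Platform", "1.0", b"platform-1.0"))
    # An app needs org.other.Runtime, shipped only by "thirdparty", so that
    # remote is added automatically.  Installing a *new* runtime from it is fine.
    inst.add_remote("thirdparty", THIRDPARTY_KEY)
    inst.deploy("thirdparty", "org.other.Runtime", "2.0", b"other-2.0",
                sign(THIRDPARTY_KEY, "org.other.Runtime", "2.0", b"other-2.0"))
    results: dict[str, bool] = {}
    # thirdparty also publishes a "newer" org.example.Platform.  Its signature is
    # valid for *its own* key, so a signature check alone would accept it.
    try:
        inst.deploy("thirdparty", "org.example.Platform", "1.1", b"trojaned",
                    sign(THIRDPARTY_KEY, "org.example.Platform", "1.1", b"trojaned"))
        results["foreign_update_rejected"] = False
    except PolicyViolation:
        results["foreign_update_rejected"] = True
    # Claiming to be upstream without upstream's key fails the signature check.
    try:
        inst.deploy("upstream", "org.example.Platform", "1.1", b"trojaned",
                    sign(THIRDPARTY_KEY, "org.example.Platform", "1.1", b"trojaned"))
        results["forged_signature_rejected"] = False
    except PolicyViolation:
        results["forged_signature_rejected"] = True
    # The genuine update from the pinned origin still goes through.
    inst.deploy("upstream", "org.example.Platform", "1.1", b"platform-1.1",
                sign(UPSTREAM_KEY, "org.example.Platform", "1.1", b"platform-1.1"))
    platform = inst.installed["org.example.Platform"]
    results["upstream_update_applied"] = platform.version == "1.1"
    results["origin_still_pinned"] = platform.origin == "upstream"
    return results


if __name__ == "__main__":
    for check, ok in scenario().items():
        print(f"{check}: {'ok' if ok else 'FAIL'}")
```

The point of the two separate checks is the one made in the thread: a valid signature only tells you which remote published a ref, so it cannot by itself stop a newly added remote from shipping a same-ID "update" for a runtime that came from elsewhere; the origin pin is what closes that gap.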