On 11/08/2016 01:30 PM, Matthew Miller wrote:
On Tue, Nov 08, 2016 at 07:14:37PM +0100, Jiri Eischmann wrote:
> Another solution would be shipping Fedora Workstation with trusted
> remotes with flatpak runtimes enabled. It's not a long list right now,
What criteria are there for "trusting" a runtime? Will users be able to
trace the sources that these runtimes are created from and the build
process used?
I'm not sure that's a reasonable question on which to base the decision, since
that isn't necessarily true of the flatpak's they're installing either.