Security of flatpak runtimes
Jiří Janoušek
janousek.jiri at gmail.com
Wed Apr 5 09:00:11 UTC 2017
Hello everybody,
Since I announced the intention to distribute my app only as flatpak
builds, a few users have raised a question about the security of the
official Flatpak runtimes (Freedesktop and GNOME). I think it is
important because we still cannot rely on the sandbox completely (e.g.
because of the insecure design of X11 or other metadata options to
make the sandbox weaker). However, I haven't found any information on
that topic.
- Does anyone track security vulnerabilities in the bundled libraries?
- Are security advisories published? Where can my security-conscious
users find them? Is there a mailing list or a web page for that?
- How are security vulnerabilities in the bundled libraries addressed?
Are they addressed in a timely manner?
Best regards,
Jiri Janousek
More information about the xdg-app
mailing list