catweazel wrote: Fri Mar 15, 2019 7:34 am
Library. The application will keep a searchable database of what was archived, where and when, hence Athenaeum.
That's awesome.
catweazel wrote: Fri Mar 15, 2019 7:34 am
It's quite simple. The security issue comes down to trust; either you trust the AppImage or you sandbox it. Given that you can download almost anything as an AppImage, you have no idea what you may be letting yourself in for. For example, I trust Balena's etcher as an AppImage, but I wouldn't necessarily trust an AppImage named ScribbleOnDisk by DarkLordVolderWart
Exactly, trust. I only download apps from trusted developers; I'm not one who would like to try an application that has no information on the web or that has no verified developers backing it.
But I read a discussion about this trust analogy, and it completely blew my mind.
The reason the system repo is safe is because it is verified regularly and the distro devs are really careful what they're passing.
They have a huge community and they can communicate with their users if any major security issue (most likely an attack) is encountered.
But in general, single or small developers might not have this big of a backing or resources, because of which they might be more susceptible (not by an alarming rate) to an attack.
So, their websites might get hacked (for a day or two at max) and malware can be distributed.
Now, this is where the trust becomes an issue.
We trust these developers and they would never choose to distribute malware, but in some cases, someone pretending to be our trusted developer distributes malware to users.
Smart and updated users might know what's up, but people who work a lot in offline modes and don't have much of an online presence might not notice the discrepancies.
This kinda scared me.
I trust my developers to protect their users at all costs, but there's still some risk and if we, as in users, could find a way to implement some safety measures like sandboxes, maybe that can work as a safety net in cases of emergencies.
I know this fear might just be xenophobia.
And I'm sure you might have figured this out by now with all that experience clearing your thoughts, but I'm a little worried.
Let me know what you think about this.
Thanks.
catweazel wrote: Fri Mar 15, 2019 7:34 am
For example, I trust Balena's etcher as an AppImage, but I wouldn't necessarily trust an AppImage named ScribbleOnDisk by DarkLordVolderWart
EDIT: I'm dumb but I'm not dumb enough to not notice Lord Voldemort, "Haarryy."
It would be really great if we could provide/maintain a list of trusted AppImage developers.