@blacklight447@kev@purism doesn't flatpak, assuming it is implemented correctly, offer sandboxing for applications? From what I've read in the documentation the preferred method of software distribution for the librem 5 is through flatpaks.
@vancha@kev@purism currently ( or last i checked) it requires you to either find an already written flatpack policy or write your own, if there is no policy, then it runs uncontained, which is why i said unsandboxed by default.
@blacklight447@kev@purism ah yeah that makes sense. We'll see if the device eventually gains enough traction for things like this to become standard for an ide like gnome builder or something. Seems like a very valid problem to be addressed at some point.