Strypey  

> If you want to restrict what Patchwork can do on your system, you can run the AppImage in a sandbox like Firejail. This is entirely optional and currently needs to be configured by the user.
appimage.github.io/Patchwork/

AppImage ought to have built in sandboxing from day one. Without it, it's highly irresponsible to encourage users to download random files from the net and give them permission to run without sandboxing. This punches a bus-sized hole in newbies' GNU/Linux security.

#AppImage

1+
kravietz πŸ¦‡
Follow

@strypey

AppImage not only has no sandboxing but also does some rather dangerous operations (mounts, scripts ran) when the binary is started. And it comes with zero integrity assurance because it's essentially a large executable binary that you download and run, without any digital signatures.

At the same time Patchwork is also available as a Snap, which comes with pretty strict sandboxing, digitally signed package and automated updates.

Β· Β· 0 Β· 0 Β· 0
Sign in to participate in the conversation
Mastodon πŸ” privacytools.io

Fast, secure and up-to-date instance. PrivacyTools provides knowledge and tools to protect your privacy against global mass surveillance.

Website: privacytools.io
Matrix Chat: chat.privacytools.io
Support us on OpenCollective, many contributions are tax deductible!

Resources

Developers

What is Mastodon?

social.privacytools.io

More…