> If you want to restrict what Patchwork can do on your system, you can run the AppImage in a sandbox like Firejail. This is entirely optional and currently needs to be configured by the user.
https://appimage.github.io/Patchwork/
AppImage ought to have built in sandboxing from day one. Without it, it's highly irresponsible to encourage users to download random files from the net and give them permission to run without sandboxing. This punches a bus-sized hole in newbies' GNU/Linux security.
@strypey Wat? I thought that was the whole point of tech like that. How does it even compete with Snaps and Flatpak then? Seems pretty useless to me to be honest.
The whole point of AppImage was to easily deliver and run an application with complex dependencies. I don't think it ever aspired to provide increased security.
FlatPak and Snapcraft do but as result they come with steeper learning curve and things don't "just work" due to the confinement so you have invest extra time to solve problems.
@kravietz
> I don't think it ever aspired to provide increased security.
Did it aspire to totally destroy security? Because without sandboxing ...
Here's an AppImagine of my latest app. Before you download it, can you email me your root password? Because the moment you mark my AppImage as executable, you are giving me root on your system. If you're cool with that, why not just email it to me and let me install stuff, to save you the trouble of mucking around with the AppImage? ;)
@raucao