this post was submitted on 22 Jun 2024
320 points (96.8% liked)

Linux

48323 readers
884 users here now

From Wikipedia, the free encyclopedia

Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).

Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.

Rules

Related Communities

Community icon by Alpár-Etele Méder, licensed under CC BY 3.0

founded 5 years ago
MODERATORS
 

Imagine your friend that does not know anything about linux, don't you think this would make them not install the firefox flatpak and potentially think that linux is unsafe?

I ask this because I believe we must be careful and make small changes to welcome new users in the future, we have to make them as much comfortable as possible when experimenting with a new O.S

I believe this warning could have a less alarming design, saying something like "This app can use elevated permissions. What does this mean?" with the "What does this mean?" text as a clickable URL that shows the user that this may cause security risks. I mean, is kind of a contradiction to have "verified" on the app and a red warning saying "Potentially unsafe", the user will think "well, should I trust this or not??"

you are viewing a single comment's thread
view the rest of the comments
[–] bloodfart@lemmy.ml 11 points 5 months ago (2 children)

Good.

People need to view out of channel software with a hairy eyeball.

Hell, I run Debian all over and it’s absurd that the main repositories don’t do checksums on downloaded packages!

[–] Nisaea@lemmy.sdf.org 5 points 5 months ago (1 children)
[–] bloodfart@lemmy.ml 1 points 5 months ago (1 children)

yeah apt just trusts the server if it properly identifies itself

the barrier to entry for attacking that seems pretty high though

if that freaks you out, switch to a rhel derivative, they got a shiny progress bar

[–] Nisaea@lemmy.sdf.org 1 points 4 months ago

Interesting, but switching will be difficult, unfortunately...

Thanks for the info

[–] refalo@programming.dev 2 points 5 months ago* (last edited 5 months ago) (1 children)

I think it's absurd that most distros have no tools whatsoever for doing regular checksums of their own files. Windows certainly got that part right IMO.

[–] bloodfart@lemmy.ml 2 points 5 months ago (1 children)

I’m double checking this myself now, but there are plenty of tools (debsum) they’re just not part of the default implementation as of last time I looked.

[–] refalo@programming.dev 2 points 5 months ago (1 children)

Right, I'm talking about like periodic or real-time scanning and alerting, which DISM/SFC on windows does.

[–] bloodfart@lemmy.ml 0 points 5 months ago

i'm almost 100% that debsums on apt stuff and the --verify flag in rpm distros do what sfc did. (kinda, debsums and --verify check against a list of checksums from the repo, i'm pretty sure sfc cracks open an actual known version of the files and compares em with whats on disk)

idk what dism does.