Removal from the Inkscape Website · Issue #87 · flathub/org.inkscape.Inkscape
github.com
The inkscape project is considering removing the flatpak format from the website's resources/downloads pages because of lack of maintenance. There is no maintainer of the flatpak/flathub format at ...

The Flatpak is already packaged and works well. It just needs to be maintained from a person that joins the Inkscape community.

This would allow further improvements like Portal support and making the app official on Flathub.

    • corsicanguppy@lemmy.caEnglish
      3·
      4 months ago

      *'til

      But the lack of verification and validation is a huge risk to flatpaks. As someone formerly involved with securing OSes, this kind of thing was scary back then and doubly scary since it entered its “don’t confirm; just get in, loser” phase.

      • user@lemmy.one
        11·
        4 months ago

        😱 so I guess install via appimage?? Package manager? 🤷 🤯 brain malfunction. Im thinking don’t download or install until you verify the download with a hash and hopefully signature if they exist 🤷 use fedora? Which has better security? 🤷🤯

    • Spectacle8011@lemmy.comfysnug.space
      1·
      4 months ago

      For checksums: https://github.com/flathub/flathub/issues/1498#issuecomment-649098123

      Flatpak does verify the integrity of files as it is downloading/installing them. For ostree remotes this is done using GPG signatures (which are better than mere checksums). If you want to see the commit ID (which is like a checksum) for something on flathub use e.g. flatpak remote-info -c flathub org.gnome.Builder and for the local copy flatpak info -c org.gnome.Builder. For OCI remotes we at least check SHA256 sums and there might be more integrity verification mechanisms I’m unaware of.

      But for signatures: https://github.com/flatpak/flatpak-builder/issues/435