search

MightyCreak / diffuse

Diffuse is a graphical tool for comparing and merging text files. It can retrieve files for comparison from Bazaar, CVS, Darcs, Git, Mercurial, Monotone, RCS, Subversion, and SVK repositories.
http://mightycreak.github.io/diffuse/
GNU General Public License v2.0
258 stars 45 forks source link

initial strict permissions prevent useful usage? #217

Closed Pfiffikus closed 5 months ago

Pfiffikus commented 7 months ago

What about to add e.g. --share=network --filesystem=host to help all users not familiar with the flatpak intricacies? Of course, some helpful information for such use cases would be also appreciated!

MightyCreak commented 6 months ago

There is already --filesystem=home which give read/write access to the entire home directory, which already raises this warning in Flathub:

image

I think that giving access to the entire host seems a bit overkill for a desktop app, and granting read-only access to the host would still be less secured than just the home.

About --share=network, I'm not familiar with this option, what is your use case?

Pfiffikus commented 6 months ago

I think that giving access to the entire host seems a bit overkill for a desktop app, ...

but for system administrators it makes sense!?

About --share=network, I'm not familiar with this option, what is your use case?

otherwise no access to file server is possible ...

MightyCreak commented 5 months ago

System administrators are not devs, by definition, they have admin rights to their systems and, more importantly, they know how to use them. So if a sysadmin needs access beyond their home directory, they should know to use flatseal (or CLI) and add the permission to the app.

For network access, I don't think it is a good practice to enable this by default. Correct me if I'm wrong, but it feels like doing diffs on files on distant servers is not a very common use case.

Pfiffikus commented 5 months ago

common use case depends on your personal view :)

Thus some helpful information for such use cases would be also appreciated to be prepared for unexpected error messages ...!

MightyCreak commented 5 months ago

I think you know that when I say "common use cases", I'm not talking about yours or mines, but the common use cases of all the Diffuse users.

Since the solution to your issue is pretty simple and permanent (use Flatseal once and never look back), I will not change Flathub's default permissions.

I am fairly sure that if I give more permissions by default, users will not be happy with it. And I will understand them: I prefer when an app can't see my system files by default.

For all these reasons, I'll close this issue for now.