Closed Pfiffikus closed 5 months ago
There is already --filesystem=home
which give read/write access to the entire home directory, which already raises this warning in Flathub:
I think that giving access to the entire host seems a bit overkill for a desktop app, and granting read-only access to the host would still be less secured than just the home.
About --share=network
, I'm not familiar with this option, what is your use case?
I think that giving access to the entire host seems a bit overkill for a desktop app, ...
but for system administrators it makes sense!?
About
--share=network
, I'm not familiar with this option, what is your use case?
otherwise no access to file server is possible ...
System administrators are not devs, by definition, they have admin rights to their systems and, more importantly, they know how to use them. So if a sysadmin needs access beyond their home directory, they should know to use flatseal (or CLI) and add the permission to the app.
For network access, I don't think it is a good practice to enable this by default. Correct me if I'm wrong, but it feels like doing diffs on files on distant servers is not a very common use case.
common use case depends on your personal view :)
Thus some helpful information for such use cases would be also appreciated to be prepared for unexpected error messages ...!
I think you know that when I say "common use cases", I'm not talking about yours or mines, but the common use cases of all the Diffuse users.
Since the solution to your issue is pretty simple and permanent (use Flatseal once and never look back), I will not change Flathub's default permissions.
I am fairly sure that if I give more permissions by default, users will not be happy with it. And I will understand them: I prefer when an app can't see my system files by default.
For all these reasons, I'll close this issue for now.
What about to add e.g. --share=network --filesystem=host to help all users not familiar with the flatpak intricacies? Of course, some helpful information for such use cases would be also appreciated!