Hacker News new | past | comments | ask | show | jobs | submit login

Well, it’s a problem the floss community will have to deal with sooner or later—it feels pretty awkwardly papered over with snap.



The other way is to rely on labels rather than names. But I don't see every distro switching to selinux with per-flatpak/snap policies, so it's going to be have to be joined installation and sandboxing.


Err, I'm still having issues grasping the problem—why not just enforce portable installation and locally writable files? There's no reason user-facing apps need to be installed to anything other than a subdirectory of home, there's no reason to locate the app resources anywhere but as a subdirectory of the app installation, and the XDG filesystem standards for writing seem pretty solid at this point. You could then restrict all access by default and just prompt when it attempts to use a resource.




Consider applying for YC's Spring batch! Applications are open till Feb 11.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: