How is it possible, that Signal still only provides a .deb package and no .rpm, or even better AppImage or Flatpak? There is an unofficial Flatpak but is it secure?
How is it possible, that Signal still only provides a .deb package and no .rpm, or even better AppImage or Flatpak? There is an unofficial Flatpak but is it secure?
Personally I don’t understand the large warnings on flatpaks built by others, by that logic you should get a warning sign each time you download from the Ubuntu community apt repository.
OSS is built out of love, and to me this warns guilty before proven innocent.
Well I think you have to distinguish between a messenger and other programms, because a messenger has a lot of sensitive data.
Just because something is built out of love does not make it safe, and attestation is about safety. You wouldn’t trust an un-attested surgical device, just because there’s a really positive community around its design.
Signal is a life-or-death app for some people.
What warnings?
The ‘appstore’ of some distributions, e.g. Linux Mint, displays a warning or hint for unofficial flatpaks. In Mint the display of unofficial flatpaks are toggled off by default and there is a warning or recommendation displayed against toggling on.