https://bugs.kde.org/show_bug.cgi?id=484275
Bug ID: 484275
Summary: Discover does not warn and confirm installation of Flatpaks with potentially dangerous permissions and when permissions change
Classification: Applications
Product: Discover
Version: 6.0.2
Platform: Fedora RPMs
OS: Linux
Status: REPORTED
Severity: major
Priority: NOR
Component: Flatpak Backend
Assignee: plasma-b...@kde.org
Reporter: ngomp...@gmail.com
CC: aleix...@kde.org, jgrul...@redhat.com, trav...@redhat.com
Target Milestone: ---

SUMMARY

I've noticed over time that when installing and updating Flatpaks, Discover does not appear to warn when installing Flatpaks that have potentially dangerous permissions (e.g. general filesystem access, session bus access, etc.) or when permissions change on update. This can lead to situations where the user is not fully aware of the consequences of the action, potentially around hijacks or malware installations.

STEPS TO REPRODUCE

1. Open Discover
2. Enable Flathub
3. Install "Podman Desktop" or "TeXstudio"

OBSERVED RESULT

Discover just installs the app.

EXPECTED RESULT

Discover prompts with a confirmation dialog warning about some permissions that can allow outsized impact with malicious applications.

SOFTWARE/OS VERSIONS

Linux/KDE Plasma: Fedora Linux 40 (KDE Plasma) (available in About System)
KDE Plasma Version: 6.0.2
KDE Frameworks Version: 6.0.0
Qt Version: 6.6.2

ADDITIONAL INFORMATION

The idea here is to harden the installation process a little around Flatpaks in response to what happened recently with Snaps[1][2].

[1]: https://www.youtube.com/watch?v=kzB6fHL_2Pg
[2]: https://popey.com/blog/2024/03/exodus-wallet-part-three/
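
The check requested in this report, sketched as an added example that is not part of the original report and is not Discover's code: it reads the [Context] group of a Flatpak metadata keyfile, flags broad grants, and lists permissions an update adds. The RISKY list, the function names and the sample metadata are assumptions made for illustration.

```python
import configparser

# Assumption: an illustrative risk list, not Discover's or Flatpak's own policy.
RISKY = {
    "filesystems": {"host", "host-os", "host-etc", "home"},
    "sockets": {"session-bus", "system-bus"},
    "devices": {"all"},
}

def permissions(metadata):
    """Return the (key, value) pairs granted in the [Context] group."""
    cp = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    cp.optionxform = str  # keyfile keys are case-sensitive
    cp.read_string(metadata)
    if not cp.has_section("Context"):
        return set()
    return {(key, value)
            for key, raw in cp.items("Context")
            for value in raw.split(";") if value}

def is_risky(perm):
    key, value = perm
    # "host:ro" is still broad read access, so drop the mode suffix first.
    return value.split(":", 1)[0] in RISKY.get(key, ())

def review(new_metadata, old_metadata=None):
    """Decide whether an install or update should stop for confirmation."""
    new = permissions(new_metadata)
    old = permissions(old_metadata) if old_metadata is not None else set()
    added = sorted(new - old)
    risky = sorted(p for p in new if is_risky(p))
    # Fresh install: confirm on any risky grant. Update: confirm on any new grant.
    confirm = bool(risky) if old_metadata is None else bool(added)
    return {"confirm": confirm, "risky": risky, "added": added}

# Constructed sample metadata for a hypothetical app, not taken from Flathub.
OLD = "[Context]\nshared=ipc;\nsockets=wayland;\nfilesystems=xdg-documents;\n"
NEW = "[Context]\nshared=network;ipc;\nsockets=wayland;session-bus;\nfilesystems=host:ro;\n"

if __name__ == "__main__":
    print(review(OLD))        # fresh install of the narrow version
    print(review(NEW, OLD))   # update that widens the sandbox
```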