I think I didn't make my point clear. I used that as an example of "needs to access files" not meaning "needs to access all files, including but not limited to configuration files".
> Flatpak only offers the ability for extra security.
With a permission model that apparently can't keep an image editing application from silently editing .bashrc .
>With a permission model that apparently can't keep an image editing application from silently editing .bashrc .
It can, you can cut off all filesystem access or select certain areas. The problem is that programs often need special attention to make sure they work properly using flatpak portals. Currently not many devs are interested in doing this work since flatpak is pretty small right now.
So for now we must assume that Gimp built from the official source, is not a malicious program. Like we have for the last 25 years.
Yup, it's a classic catch 22. Sandboxing doesn't really work without developer cooperation. But there's little incentive for developers to work on it in apps that are easy to get outside the sandbox - or when it's easy to get extra permissions in a Flatpak.
I think I didn't make my point clear. I used that as an example of "needs to access files" not meaning "needs to access all files, including but not limited to configuration files".
> Flatpak only offers the ability for extra security.
With a permission model that apparently can't keep an image editing application from silently editing .bashrc .