The Flatpak is already packaged and works well. It just needs to be maintained from a person that joins the Inkscape community.

This would allow further improvements like Portal support and making the app official on Flathub.

Update: One might have been found!

  • delirious_owl
    link
    fedilink
    arrow-up
    7
    ·
    5 months ago

    Wait till you learn that your flatpak client doesn’t verify anything it downloads

    • corsicanguppy@lemmy.ca
      link
      fedilink
      English
      arrow-up
      3
      ·
      edit-2
      5 months ago

      *'til

      But the lack of verification and validation is a huge risk to flatpaks. As someone formerly involved with securing OSes, this kind of thing was scary back then and doubly scary since it entered its “don’t confirm; just get in, loser” phase.

      • user@lemmy.one
        link
        fedilink
        arrow-up
        1
        arrow-down
        1
        ·
        5 months ago

        😱 so I guess install via appimage?? Package manager? 🤷 🤯 brain malfunction. Im thinking don’t download or install until you verify the download with a hash and hopefully signature if they exist 🤷 use fedora? Which has better security? 🤷🤯

        • delirious_owl
          link
          fedilink
          arrow-up
          2
          ·
          5 months ago

          Many developers sign their AppImages, but its up to you to verify it

    • Spectacle8011@lemmy.comfysnug.space
      link
      fedilink
      arrow-up
      1
      ·
      5 months ago

      For checksums: https://github.com/flathub/flathub/issues/1498#issuecomment-649098123

      Flatpak does verify the integrity of files as it is downloading/installing them. For ostree remotes this is done using GPG signatures (which are better than mere checksums). If you want to see the commit ID (which is like a checksum) for something on flathub use e.g. flatpak remote-info -c flathub org.gnome.Builder and for the local copy flatpak info -c org.gnome.Builder. For OCI remotes we at least check SHA256 sums and there might be more integrity verification mechanisms I’m unaware of.

      But for signatures: https://github.com/flatpak/flatpak-builder/issues/435