FlatPak as a Software Source / flathub as a source of software

Patrick · January 17, 2024, 1:17pm

[Feature request]: setting to block non-freedom Flatpaks by default; setting to block unverified Flatpaks by default; `--allow-nonfreedom`, `--allow-unverified`

opened 01:16PM - 17 Jan 24 UTC

enhancement

### Checklist - [X] I agree to follow the [Code of Conduct](https://github.com/…flatpak/flatpak/blob/main/CODE_OF_CONDUCT.md) that this project adheres to. - [X] I have searched the [issue tracker](https://www.github.com/flatpak/flatpak/issues) for a feature request that matches the one I want to file, without success. ### Suggestion **Issue:** For a Linux distribution (Kicksecure) (and Whonix), we are considering to enable Flathub by default. But there's 2 major concerns. * 1) It's too easy to accidentally install non-freedom (proprietary) software. * 2) It's too easy to install unverified software. (These without a verified badge on Flathub.) Software that is considered both under FLOSS licenses and verified is considered much more trustworthy. **Suggested Distribution Settings File:** The distribution could drop a configuration snippet in the yet to be invented `/usr/lib/flatpak/settings.d` folder. File `/usr/lib/flatpak/settings.d/30_kicksecure.conf`: ``` nonfreedom=false unverified=false ``` This is just a default setting suitable for some Linux distributions. The user should have the freedom to easily undo this. **Suggested User Override Settings File:** File `/etc/flatpak/settings.d/50_user.conf`: ``` nonfreedom=true unverified=true ``` **Suggested User Command Line Overrides:** For overrides on the command line case by case: * `--allow-nonfreedom` * `--allow-unverified` **Suggested `flatpak` command line output output:** * > Installation of non-freedom Flatpak denied. Use `--allow-nonfreedom` or change configuration to override. * > Installation of unverified Flatpak denied. Use `--allow-unverified` or change configuration to override.