{
  "$type": "site.standard.document",
  "bskyPostRef": {
    "cid": "bafyreicjeyjn4sjmmkhaglmiklqakng6lo3swlf6yy4girpua2ssivj2gm",
    "uri": "at://did:plc:yrn4rbgwenb6lfhhzjegbtnc/app.bsky.feed.post/3mjfmhwslbxi2"
  },
  "path": "/t/security-of-unverified-flatpaks/11983#post_8",
  "publishedAt": "2026-04-12T21:55:12.000Z",
  "site": "https://discourse.flathub.org",
  "textContent": "barthalion:\n\n> We attempted that but it was unrealistic. I’m working on some heuristic to flag “invasive” changes but as always, I can’t say if or when.\n\nSo there has been an attempt. What was unrealistic about it? Was it the review load on human reviewers?\n\nI do have a suggestion. What if we flagged a change for human review if the domain in a URL is modified? This should tighten the restriction on changes at a great cost-benefit ratio. I imagine domain changes are infrequent in legitimate scenarios. Though, we’d have to also create stricter cases for git repos, since changing the `owner/name` URL portion changes ownership.\n\nI’m interested in hearing about the heuristics you’re working if you don’t mind talking about it publicly.",
  "title": "Security of unverified flatpaks"
}