
Security of unverified flatpaks

Flathub Discourse [Unofficial] April 12, 2026

barthalion:

We attempted that but it was unrealistic. I’m working on some heuristic to flag “invasive” changes but as always, I can’t say if or when.

So there has been an attempt. What was unrealistic about it? Was it the review load on human reviewers?

I do have a suggestion. What if we flagged a change for human review if the domain in a URL is modified? This should tighten the restriction on changes at a great cost-benefit ratio. I imagine domain changes are infrequent in legitimate scenarios. Though, we’d have to also create stricter cases for git repos, since changing the owner/name URL portion changes ownership.

I’m interested in hearing about the heuristics you’re working on if you don’t mind talking about it publicly.
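The review heuristic proposed in the post above, written out as an added example (this is not the poster's code nor Flathub's actual tooling): a manifest change is flagged for human review when a source URL's domain changes, and, for git repositories, when the owner/name portion of the path changes while the host stays the same. The forge list, the manifest shape (a list of `{"type", "url"}` dicts compared by position) and the sample manifests are assumptions constructed for the example.

```python
"""Flag manifest source changes that alter a URL's domain or a git repo's
owner/name. Added example; forge list and manifest shape are assumptions."""
from urllib.parse import urlparse

# Assumption: forges whose first two path segments identify repo ownership.
GIT_FORGES = {"github.com", "gitlab.com", "codeberg.org"}


def _host(url):
    return (urlparse(url).hostname or "").lower()


def _repo_owner_name(url):
    """Return ('owner', 'name') for a known-forge URL, else None."""
    parsed = urlparse(url)
    host = (parsed.hostname or "").lower()
    if host not in GIT_FORGES:
        return None
    parts = [s for s in parsed.path.split("/") if s]
    if len(parts) < 2:
        return None
    name = parts[1][:-4] if parts[1].endswith(".git") else parts[1]
    return (parts[0], name)


def url_change_reason(old_url, new_url, source_type="archive"):
    """Return why the change needs review, or None if it looks routine.

    A plain version bump keeps host and repository, so it is not flagged;
    a new host, or a new owner/name on the same forge, is.
    """
    if old_url == new_url:
        return None
    old_host, new_host = _host(old_url), _host(new_url)
    if old_host != new_host:
        return f"domain changed: {old_host} -> {new_host}"
    # Stricter rule for git sources and for archives served by a forge:
    # same host but different owner/name means the code now comes from
    # someone else.
    if source_type == "git" or old_host in GIT_FORGES:
        old_repo = _repo_owner_name(old_url)
        new_repo = _repo_owner_name(new_url)
        if old_repo != new_repo:
            return f"repository ownership changed: {old_repo} -> {new_repo}"
    return None


def review_manifest_diff(old_sources, new_sources):
    """Compare sources by position; return [(index, reason)] to flag.

    Assumption: each source is a dict with 'type' and 'url' keys, as in a
    simplified flatpak manifest.
    """
    flags = []
    for i, (old, new) in enumerate(zip(old_sources, new_sources)):
        reason = url_change_reason(
            old["url"], new["url"], old.get("type", "archive")
        )
        if reason:
            flags.append((i, reason))
    if len(old_sources) != len(new_sources):
        flags.append((-1, "number of sources changed"))
    return flags


# Constructed sample: a git source whose owner changes, plus a routine
# archive version bump on the same host.
OLD_MANIFEST = [
    {"type": "git", "url": "https://github.com/acme/app.git"},
    {"type": "archive", "url": "https://example.org/lib-1.0.tar.gz"},
]
NEW_MANIFEST = [
    {"type": "git", "url": "https://github.com/someone/app.git"},
    {"type": "archive", "url": "https://example.org/lib-1.1.tar.gz"},
]

if __name__ == "__main__":
    for index, reason in review_manifest_diff(OLD_MANIFEST, NEW_MANIFEST):
        print(f"source {index}: needs human review ({reason})")
```

Comparing sources by position is a simplification; a real check would key sources by name or by their previous URL so that reordering is not itself reported as a change.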
