[arch-general] Announcing pacpak
pelzflorian (Florian Pelz)
pelzflorian at pelzflorian.de
Sun Jul 10 15:36:22 UTC 2016
On 07/10/2016 04:45 PM, Levente Polyak wrote:
> We, as the Security Team, are strongly against any move to officially
> ship bundles that manage their dependency versions themselves instead of
> regular software builds.
> […]

With pacpak, it will be the user’s responsibility to update the bundles
just like it is the user’s responsibility to update their Arch system. I
do *not* want Arch to ship official bundles. Users of Flatpak bundles
from elsewhere are of course on their own as well.

Yes, a kernel vulnerability may allow malware to escape the container. I
should not have said that Flatpaks can be run without any fear at all.
pacpak users should be made aware of this.

Regards,
Florian Pelz