Anyone can create an apt repo and the override your system packages with new versions.
At least with flatpak only the applications you installed from the bad actor’s repo would be affected, though obviously they can still have a ton of malicious dependencies
You’re pretty much just rehashing a possible apt repo “vulnerability,” but at least with flatpak they remember where each package was installed from.
What?
Anyone can create an apt repo and the override your system packages with new versions.
At least with flatpak only the applications you installed from the bad actor’s repo would be affected, though obviously they can still have a ton of malicious dependencies
This does not invalidate anything I’ve said
I wasn’t trying to, just pointing out that it was nothing new