Hi, there!
Newbie question here: basically, the title. Perhaps what I’m asking is pretty obvious, but I’d like to double-check with the community on this.
I use Discover on my Debian KDE Plasma set-up, with Flatpaks enabled (but not Snaps). Sometimes, I come across apps (I did just yesterday, searching for translation apps to replace DeepL), that have according to its page, an unknown author and, sometimes, even an unkown licence, but which do require access permission to the whole system (this latter requirement applying specifically to Deb packages, from what I’ve seen).
Under these circumstances, is it safe to assume that such apps will still be safe because of the fact that they appear listed on Discover (in other words, is Discover a guarantee of safety for the apps it shows, as in, some type of checked or proved content), or should I still be wary of potentially malicious software included on it?
Thank you very much in advance :)
Just to clarify what others are saying: the ‘software store’ (Discover in your case) is just the graphical application that you use to manage the software installed on your computer. The repositories, aka ‘repos’ are the sources of that software. There are people whose job it is to vet the software in those repositories and make sure that it’s safe. Flatpak is a packaging format. The biggest repository (and what you likely have enabled) for flatpaks is Flathub. If you’re installing software from the Debian repo and Flathub you should be fine. You should be able to verify which repositories are enabled via the Discover app. You have the freedom to add other repositories too, but it will be your own responsibility to evaluate whether those sources are trustworthy if you do.
Long story short, if you just use Debian as it is, you are fine.
Thanks for joining the conversation and help make things clear. This does help; so, basically, not having manually enabled anything else than Flathub/Flatpaks on Discover, and having Debian’s repository already, I am fine as long as I install programmes from either of those two.
I would say you are more than likely fine, malicious code does occasionally sneak into Debian distributed apps but you’ll likely never encounter something that is outright fraudulent or a scam.
Yes, you’ve got it 👍
You can basically just treat everything available in Discover as good, because everything there will either be from Debian or from Flathub.
I’m on Debian 13 too but have the GNOME desktop environmet.