Hi, there!
Newbie question here: basically, the title. Perhaps what I’m asking is pretty obvious, but I’d like to double-check with the community on this.
I use Discover on my Debian KDE Plasma set-up, with Flatpaks enabled (but not Snaps). Sometimes I come across apps (I did just yesterday, searching for translation apps to replace DeepL) that have, according to their page, an unknown author and, sometimes, even an unknown licence, but which do require access permission to the whole system (this latter requirement applying specifically to Deb packages, from what I’ve seen).
Under these circumstances, is it safe to assume that such apps will still be safe because of the fact that they appear listed on Discover (in other words, is Discover a guarantee of safety for the apps it shows, as in, some type of checked or proved content), or should I still be wary of potentially malicious software included on it?
Thank you very much in advance :)


Uhhhhhhhh…
Bruh. It’s not safe to assume any software from anywhere is safe… that’s kinda the essence of Zero Day exploits.
Even if you wrote it, there have been Linux exploits that hid a rootkit, and patched the gcc compiler and linker to create a level of persistence that is just otherworldly. IIRC what that fucker was called, but it won’t be hard to find. You can probably still count Linux rootkits on one hand.
Hell, I’ll look it up after I’m done with my morning deuce… that shit was epic. And like, also, theoretically, you could be Mr. Robot, so… you know… it’s just a good idea not to trust yourself anyway.