Clarifications regarding Brave FlatPak sandboxing state and Fedora Silverblue official install guide #36457
Comments
cc: @wknapik
This comment was marked as outdated.
Thanks for the reply. Maybe you can at least add the instructions to install the rpm package without using DNF but instead rpm-ostree so other users can install the rpm in Fedora Silverblue or any of the u-Blue distros that use this method.
@NotMainstream I added an internal issue for that. Once it's resolved, this issue will also be resolved.
I see Brave Browser as verified on Flathub. Something has changed?
@Digitalone1 yes, we're in the process of making the Flatpak package official. This also means that we won't need extra instructions for Fedora Silverblue, where Flatpak is the recommended package format. I don't think we have an active public issue for this work, but it is ongoing.
That's great. Please also add Brave Nightly flatpak.
I wonder if using Brave with Flatpak is safer than regular packages considering the issues related to sandboxing stated in the first post. Anyway, making the official package on Flatpak is a good move.
The issues discussed in the first post referred to the flatpak, not to the rpm.
Closing as we now are official on https://flathub.org/apps/com.brave.Browser
But there is still no simple answer: should one switch to the Flathub version, or is continuing to use the normal one still preferred?
As stated on their download page, the Flatpak version has various issues, so the normal one is still preferred.
This is still an open question: does the flatpak release have reduced sandboxing capabilities, as indicated in the first post? Brave is not available on all distributions, e.g. on Void Linux. There are workarounds (scripts to unpack RPM etc.) but using a flatpak would be easier. Personally, I don't mind the "issues" listed here: https://github.com/flathub/com.brave.Browser/issues?q=is%3Aopen+is%3Aissue But improper sandboxing is a red-alert issue which honestly, if it's a thing, Brave should have a stern warning or maybe even remove the packages altogether.
I see that Brave extends the Chromium flatpak. I found some worrying issues, seems like flatpak is simply not suitable for a browser. There's a lot of smoke and mirrors but ultimately it seems like the sandboxing is different and thus, less-tested, and thus, less-secure. flathub/org.chromium.Chromium#337
@thypon has done some work on that one.
Can you please provide on flathub.org a Brave FlatPak that is an official build so we can trust that the software is genuine and it doesn't contain any 3rd party risks?
Or at least provide on your website a guide on how to install Brave and Brave Nightly releases for Fedora Silverblue also (Silverblue doesn't have "Dnf" as an install method but supports FlatPak and rpm-ostree layering).
Also please provide clarifications about the sandbox status of the FlatPak builds, as I have read on a forum that Chrome-based browsers have issues with being packaged in a FlatPak because of their sandboxing not being compatible with Flatpaks and the devs use a hack that basically disables all or most of the sandbox. I will provide a quote from that forum:
'In short, Flatpak doesn't allow important parts of the Chromium sandbox to work as intended by the Chromium team, when running under Flatpak. So you either end up with no internal (interprocess) sandbox or one which is replaced with something potentially weaker and certainly less well understood and tested. Zypak is maintained by a single person. Those responsible for the Chromium sandbox are a whole team.
I do not currently feel confident that you aren't actually getting less security trying to run a Chromium based app in flatpak. I also strongly suspect this is why you are not finding a single official flatpak by any Chromium based browser. Either they decided it is less secure or they suspect it might be and do not want to take a risk.'