After all the issues with Canonical's Snap package scams lately, it seems the Flathub folks are continuing to ensure their platform is trustworthy.
For a while now developers have been able to get Verified on Flathub, and with it they get a nice blue tick to show off on app pages. This shows that the app is directly from the original developer. Now though, they're going a step further: as noted on the official Flathub account on Mastodon, they're also now showing Unverified banners on app pages.
As they said: "If you see this, it flags that the app has not been verified by its developer—it’s effectively a community-maintained package." and they continued, "This provides a bit of clarity around the source of apps while helping increase trust for the growing number of verified apps. While we don’t require apps be verified or submitted by upstream developers, we highly encourage it."
They also reminded people that they always human-review every app submission on Flathub. Their team also put up a blog post back in February on some other moderation improvements to apps.
A feature request for Flatpak itself was also opened to show the Verified or Unverified status via the CLI, although there was already a more generic request open on that. So hopefully sometime soon the status will be shown clearly when you're installing from the command line rather than via an app.
Quoting: CyborgZeta
marknote🧐 love me some minimalistic Markdown editor

Quoting: darkoverlordofdata
Since the xylib fiasco was caused by the dev team of record, I don't see this as any actual protection.

This isn't related to that, it's more related to the Snap scam apps that kept appearing. That Flathub actually go through verifying the real developers. Two very different situations.