this post was submitted on 21 Mar 2026
Discover itself doesn't care about security - it's the underlying package manager(s) that do.
Flatpak is perfectly safe IMO, as are the built-in repositories.
Both Flatpak reviewers and Debian maintainers do their due diligence when auditing the software they distribute.
When using distros/repos which are less FOSS purist (such as Ubuntu), you could run primarily into privacy issues. When using smaller ones, the risk of a backdoor or vulnerability is a bit larger, as fewer eyes are on the code.
That being said, the only way to be immune to untargeted cyberattacks is to be offline, which isn't reasonable in this day and age. As long as you stick to your distro's repo and Flatpak you should be perfectly fine, save for the "normal" vulnerability or two that unfortunately slip through every now and then. You could think of this as a kind of digital "herd immunity".
As long as you don't add repos willy-nilly but think about who you trust, you should be fine.
So yeah - you can assume Flatpaks and the Debian repos are safe. They have good security policies about adding stuff in and do do their due diligence. Though, this might change in the future, although it doesn't seem likely. But for now - you'll be fine.
The only real risk is if a backdoor like the recent one in xz-utils does slip through the cracks, but then you'll be one of millions of affected machines which, while not mitigating the vulnerabilities per se, will at least mean the problem will get fixed sooner once it does get found.
Thank you! Honestly, it's quite amazing that I can enjoy such complex pieces of software made by and taken care of by the community while not trying to sell me anything or sell my data in return. I love Debian and FLOSS in general.