Does flatpak enforce cryptographic authentication and integrity validation by default for all packages? (fedora)

Asked Jan 25 '22 at 11:45

Active Jan 25 '22 at 11:45

Viewed 57 times

Does the flatpak package manager in Fedora-based systems require successful cryptographic authentication and integrity validation for all packages?

I know that software downloaded with apt-get packages must be cryptographically verified because the repo's manifest files (synced with apt-get update) are cryptographically signed.

But what about flatpak?

Do Operating Systems with flatpak require valid signatures from a pinned set of keys on all packages by default?

asked Jan 25 '22 at 11:45

Michael Altfield

see also https://github.com/flatpak/flatpak.github.io/issues/520 – Michael Altfield Jan 25 '22 at 12:14
This seems to be about flatpak with flathub. Please correct me if it's not using flathub. I asked about it here: https://github.com/flathub/flathub/issues/1498 which was closed unresolved (however with links to issues which are similar and still open). – mYnDstrEAm Feb 03 '22 at 23:48

0 Answers0