[Bug 1812456] Re: [MIR] libflatpak0

2021-06-22 Thread Christian Ehrhardt 
** Changed in: flatpak (Ubuntu) Status: New => Incomplete -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1812456 Title: [MIR] libflatpak0 To manage notifications about this bug go to: https:/

[Bug 1812456] Re: [MIR] libflatpak0

2021-06-19 Thread Andrew Hayzen
tl;dr; Flatpak currently considers remotes as trusted, so after you have added one with a password at system level, you don't need a password to install apps for that remote. I don't about how polkit rules work, but this is just a comment describing what happens from a user perspective with flatpa

[Bug 1812456] Re: [MIR] libflatpak0

2021-06-18 Thread Seth Arnold
I reviewed flatpak 1.10.2-1ubuntu1 as checked into hirsute. This shouldn't be considered a full audit but rather a quick gauge of maintainability. flatpak is an application packaging and sandbox tool. - CVE History: we have six cves in our database, they appear to have been handled well, qui

[Bug 1812456] Re: [MIR] libflatpak0

2021-06-18 Thread Seth Arnold
There's something from the polkit rules that worries me. I don't think we want the rules to be this open. Could someone more conversant with polkit rules give them a read and report back if this is something we really want? Something that specifically worried me: - Normal users need adm

[Bug 1812456] Re: [MIR] libflatpak0

2020-09-21 Thread Didier Roche
[Summary] ACK from the MIR team. This does need a security review, so I'll assign ubuntu-security list specific binary packages to be promoted to main [Duplication] There is no other package in main providing the same functionality. [Dependencies] - no other Dependencies to MIR due to this apart

[Bug 1812456] Re: [MIR] libflatpak0

2020-09-15 Thread Sebastien Bacher
The right team is subscribed now ** Changed in: flatpak (Ubuntu) Status: Incomplete => New ** Changed in: flatpak (Ubuntu) Assignee: (unassigned) => Didier Roche (didrocks) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu.

[Bug 1812456] Re: [MIR] libflatpak0

2020-09-01 Thread Didier Roche
Setting as incomplete until getting more information, feel free to reassign once ready. ** Changed in: flatpak (Ubuntu) Status: New => Incomplete ** Changed in: flatpak (Ubuntu) Assignee: Didier Roche (didrocks) => (unassigned) -- You received this bug notification because you are a

[Bug 1812456] Re: [MIR] libflatpak0

2020-08-25 Thread Didier Roche
Missing team subscription: can you ensure desktop-packages is subscribed before analyzing the MIR please? -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1812456 Title: [MIR] libflatpak0 To manage no

[Bug 1812456] Re: [MIR] libflatpak0

2020-08-25 Thread Didier Roche
** Changed in: flatpak (Ubuntu) Assignee: (unassigned) => Didier Roche (didrocks) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1812456 Title: [MIR] libflatpak0 To manage notifications about t

[Bug 1812456] Re: [MIR] libflatpak0

2020-08-20 Thread Robert Ancell
** Description changed: Many applications have Flatpak integration using libflatpak. The Ubuntu desktop team would like libflatpak0 in main so we can easily build such applications. It takes a lot of work to make these dependencies optional and sometimes that is not possible. We don't need

[Bug 1812456] Re: [MIR] libflatpak0

2020-08-20 Thread Robert Ancell
** Description changed: - Scope - = - This MIR is only for libflatpk0 and its related binaries (libflatpak-dev, libflatpak-doc and gir1.2-flatpak-1.0). The flatpak binary itself and flatpak-tests will remain in universe. + Many applications have Flatpak integration using libflatpak. The Ubun