should i be worried installing these two? what does it mean though?
(these are captured from Pop! OS software manager)
Flatseal: well that’s normal, it can’t control Flatpak’s access controls if it is itself sandboxed. Even if it was sandboxes, it could just grant itself everything.
For Xournal: it’s probably because it doesn’t support portals or whatever, so it can’t use the open file dialog to get permissions. So it needs to be able to get to your files somehow to open them.
In both cases, it just means its permissions model is more like regular applications you’d get from your package manager. If you install Xournal with apt/dnf/pacman it also won’t be sandboxed.
The point of sandboxing is you can run applications you don’t trust too much, or significantly reduce the blast radius if say, your browser gets breached: then it has another barrier to overcome to reach anything other than the browser’s own data. The lack of sandboxing doesn’t inherently imply the app is evil or will hack you. It just means it doesn’t have the extra protection around it. So like, probably don’t open sketchy PDFs in it, but I wouldn’t stop using the app solely because it lacks sandboxing.
I think the problem with xournal is that it cannot ask a file portal to give it access to two related files at once. “I want to let the user pick foo.pdf.xournal, and also give me access to foo.pdf”. So the next best thing is to give it the “access any damned file” permission, and let Xournal grab whatever it wants. You get the same problem with video players - you could take away their permission to open-any-file, but then they won’t be able to pick up a related subtitle file.
No, you don’t need to be worried. For example, Flatseal is a program to manage other flatpaks. This means that, by design, it needs to be able to grant flatpaks certain permissions that may expose them to system services they need to operate correctly.
One user mentioned that these new warnings aren’t particularly helpful, because they don’t give a good explanation of what or why, and they just foster anxiety in users who just want to install an otherwise reputable flatpak.
I don’t know anything about xournal++, but I would imagine it’s also reputably safe, and somebody else can verify for sure.
Yeah Xournal++ is probably the best hand-written note taking and PDF annotation program available on Linux, it’s pretty well known. The system settings permission is to honor some global settings you might have enabled, and the file system access is so you can save and open stuff from anywhere, I assume.
Sorry for the off topic, what’s the best device to use xournal++ in your opinion? MS Surface? I guess you have used some hand-written note taking apps before since you wrote this, so you’re more experienced than me for sure!
Never owned a Surface, so can’t comment on that, but I’m very happy with my One by Wacom (not to mix with Wacom One :p). It’s fairly cheap as far as these types of tablets go, it’s very responsive (I have 144Hz displays and it’s so nice to use), has a nice sueface roughness, it’s plug-and-play on Linux and has 0 maintenance (no batteries to swap).
What I like with my setup is that, contrary to traditional writing on paper, I can sit properly, looking forward, avoiding some bad neck and back pain I usually get otherwise.
a curse upon these distros for alarming people with such messages. they are meaningless and technically apply to every flatpak
Flatpak downloads are insecure 100% of the time
This is good news for flatpack!
