I was looking at the firefox flatpak on flathub. Won't this warning make a non tech-savy user anxious? This might make them think they'll get a virus or something like that.
Imagine your friend that does not know anything about linux, don't you think this would make them not install the firefox flatpak and potentially think that linux is unsafe?
I ask this because I believe we must be careful and make small changes to welcome new users in the future, we have to make them as much comfortable as possible when experimenting with a new O.S
I believe this warning could have a less alarming design, saying something like "This app can use elevated permissions. What does this mean?" with the "What does this mean?" text as a clickable URL that shows the user that this may cause security risks. I mean, is kind of a contradiction to have "verified" on the app and a red warning saying "Potentially unsafe", the user will think "well, should I trust this or not??"
beyond root processes, none that I am aware of. Hence I configured all my internet applications and steam to run in a jail :) firejail & bubblewrap come as native packages, unlike the flatpak contents
It’s very accurate. A distro will audit a few packages they deem high risk, such as suid binaries. Once an audit is complete they will often not re-audit it. At that point you rely on third parties for audits.
Flatpak is sometimes, not always, simply a more secure package. You can audit the sources like anywhere else.