Hello, thanks for taking the time to write this answer. The issues outlined on flatkill.org were serious enough, but seeing basically no reply (except “FUD warnings”) from the community made me suspicious.

I agree that the issues are serious, but what they fail to see is that new technologies always take time to get implemented and adapted. systemd didn’t start off great at the beginning; it had many security vulnerabilities and many bugs, but as time went by, systemd has matured and has become the standard init system.

Technologies outside of Linux have experienced the same thing: Bluetooth, SSDs, Android, and more.

Punching holes in the sandbox (as Flatpak is doing right now) is just a temporary approach. But as time goes by, more applications will start using portals. Qt5 and GTK3 applications already use portals. Firefox uses it, Chromium uses it, Electron is being worked on.

Unfortunately, in terms of security that is easy for the end-user, Flatpak is the best we have. Projects that are close to FreeDesktop, such as systemd, GNOME and Fedora often have been very quick in development thanks to the effort of developers, and I doubt Flatpak will be an exception.

But from the flatpak.org website i cannot find the bugtracker or the source code for flatpak ; this could probably be improved.

Not sure what you meant here exactly, but if you asked for the source code of Flatpak, here you go: https://github.com/flatpak/flatpak.

Last question (sorry i’m curious :D) do you think there’s hope to integrate flatpak concepts (eg. sandboxing portals) with a consistent/reliable/reproducible build system like Nix/guix? They are an amazing approach to software packaging but in my view lack UX/integration concerns that flatpak is trying to solve.

Yes. In fact, that is one of the areas where Flatpak is trying to solve. If you use immutable desktops like NixOS, Guix, Endless OS and Fedora Silverblue, Flatpak can be very useful as it doesn’t need to create a new image everytime you need to install, upgrade or remove something. In fact, Fedora Silverblue and Endless OS use Flatpak by default. As a Fedora Silverblue user here, I have no problem with Flatpak

Amazing post and thank you for informing us!

I’d like to ask if you can edit the post and add browser.proton.enabled, because that one is part of the redesign, and you seem to have missed it. Also it would be nice if you can mention that this should be configured in about:config.