should i be worried installing these two? what does it mean though?
(these are captured from Pop! OS software manager)
The first one allows Flatseal to edit the permissions of Flatpak apps including itself.
System folder access allows a app to read the filesystem. (But not system internals)
System settings access allows the app to change settings
So the only concerning one is Xournal. However, I happen to know that it doesn’t support XDG portals which is how apps ask for permissions to files so it needs full file access. As for the system settings I have no idea.
Flatseal’s job is to do that. As for the note app, that’s not great, but you can use flatseal to take away those permissions after installation.
a curse upon these distros for alarming people with such messages. they are meaningless and technically apply to every flatpak
deleted by creator
They mean that the app has that permission. It is good that they let the user know the apps capabilities
Not for the average/casual user, which is why this post exists.
The average person will look at that and see the ‘!’ in a triangle and became scared of what it can do to their system, even though it has no more permissions than a system package. Alternatively, they will become desensitized and learn to ignore it, resulting in installing flatpacks from untrusted and unverified sources.
Overall, I just think the idea around having to sandbox all flatpaks is not a good idea. To give a concrete example, Librewolf is marked as “potentially unsafe” because it has access to the download folder, but if I want to use it to open a file that isn’t in “downloads” I have to use flatseal to give it extra permissions - it’s the worst of both worlds! Trying so hard to comply with flatpak guidelines that it gets in the way of doing things, and still not being considered safe enough.
deleted by creator
I don’t know about this in depth, but from what another user in this thread said, a flatpak can’t ask a portal to have access to two files at once. If I’m understanding correctly, that would explain why Librewolf needs permission to access ~/Downloads, since it can be downloading more than one file at once, and it needs access to all those files in ~/Downloads at the same time.
EDIT: I got a bit mixed up with what you were saying, but nevertheless, if this is true, then Librewofl would still need permission to access ~/Downloads and so be marked as “potentially unsafe”.
deleted by creator
