Hi, there!

Newbie question here: basically, the title. Perhaps what I’m asking is pretty obvious, but I’d like to double-check with the community on this.

I use Discover on my Debian KDE Plasma set-up, with Flatpaks enabled (but not Snaps). Sometimes, I come across apps (I did just yesterday, searching for translation apps to replace DeepL) that have, according to their page, an unknown author and, sometimes, even an unknown licence, but which do require access permission to the whole system (this latter requirement applying specifically to Deb packages, from what I’ve seen).

Under these circumstances, is it safe to assume that such apps will still be safe because of the fact that they appear listed on Discover (in other words, is Discover a guarantee of safety for the apps it shows, as in, some type of checked or proved content), or should I still be wary of potentially malicious software included on it?

Thank you very much in advance :)

  • Cekan14@lemmy.org (OP) · 19 days ago

    Thank you for your insightful comment. If I may incur once again in noobieness, what precisely do you mean when you say the “repository” of my distribution? Do you mean the pieces of software that come preinstalled with the OS itself?

    • banazir@lemmy.ml · 19 days ago

      A repository (or repo) is a server that hosts program files for your distribution. Distributions host their own repositories from which you can install software with your package manager, like APT or DNF or others. If you only install software from your distribution’s repository, there’s likely no clashes with software versioning and dependencies, and the packages are about as reliable as they can be (which doesn’t mean there’s never malware). If you add third party repositories for software not available from your distribution’s repository, it’s more likely there will be issues, because the distribution doesn’t guarantee the packages work well together.

      For example, Debian and Arch don’t retrieve and install their software from the same source. They have their own servers (repositories) hosting software compiled to work with their particular distro and to be used by their chosen package manager.

      Flatpak (or Snap or Guix) is a separate package manager that handles its own dependencies and doesn’t clash with your distribution’s own software manager.

      Does this help?
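The two checks implied by the thread (where does a Deb package in Discover actually come from, and how much of the system does a Flatpak get to touch), as an added shell example that is not part of the thread. It assumes a Debian system with `apt-cache` and `flatpak` on the path, treats any `*.debian.org` host as an official mirror, and flags only the Flatpak `filesystems`/`devices` entries that reach outside the sandbox.

```shell
#!/bin/sh
# Added example, not code from the thread. Two checks for a package seen in Discover:
# (1) does every APT download source point at an official Debian mirror, assumed
#     here to mean a *.debian.org host; (2) does a Flatpak request sandbox holes that
#     amount to whole-system access (host/home filesystem, all devices).

# Read `apt-cache policy <pkg>` output on stdin; print OFFICIAL or THIRD-PARTY per source URL.
classify_apt_sources() {
    awk '
        # source lines look like: "  500 http://deb.debian.org/debian bookworm/main amd64 Packages"
        $1 ~ /^[0-9]+$/ && $2 ~ "^(https?|ftp)://" {
            split($2, p, "/")                # p[3] is host[:port] of scheme://host/path
            host = p[3]
            sub(/:[0-9]+$/, "", host)        # drop an explicit port
            label = (host ~ /(^|\.)debian\.org$/) ? "OFFICIAL " : "THIRD-PARTY "
            print label $2
        }'
}

# Exit 0 only if no third-party source appears in the policy text on stdin.
all_official() {
    ! classify_apt_sources | grep -q '^THIRD-PARTY'
}

# Read `flatpak info --show-permissions <app>` output on stdin and print the
# [Context] entries that let the app reach outside its sandbox.
flag_broad_flatpak_permissions() {
    awk -F= '
        $1 == "filesystems" && $2 ~ /(^|;)(host|host-os|host-etc|home)(:[a-z]+)?(;|$)/ {
            print "BROAD filesystems=" $2
        }
        $1 == "devices" && $2 ~ /(^|;)all(;|$)/ { print "BROAD devices=" $2 }'
}

# Wrappers for a live system (package/app names are supplied by the caller).
check_deb()     { apt-cache policy "$1" | classify_apt_sources; }
check_flatpak() { flatpak info --show-permissions "$1" | flag_broad_flatpak_permissions; }
```

A THIRD-PARTY line does not make a package malicious, and an OFFICIAL line does not make it safe; it only tells you whether the distribution's own maintainers, rather than an unknown uploader, stand behind that build.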