This is kind of a bad comparison. Theoretically, malicious authors could sign their Flatpak packages and Flatpak could verify it with cryptography. It doesn’t matter if you’re downloading a “crypto-wallet” that’s really just a phishing exercise.
That’s why they put their public key fingerprint on many distinct domains, and users can import them and pin them. Flatpak doesn’t support this. Apt does.
bwrapwants to have a word with youSorry I tried to download bwrap but I got a virus because flatpak doesn’t verify anything that it downloads with cryptography
This is kind of a bad comparison. Theoretically, malicious authors could sign their Flatpak packages and Flatpak could verify it with cryptography. It doesn’t matter if you’re downloading a “crypto-wallet” that’s really just a phishing exercise.
That’s why they put their public key fingerprint on many distinct domains, and users can import them and pin them. Flatpak doesn’t support this. Apt does.