[Pkg-utopia-maintainers] Bug#946913: should flatpak -> xdg-desktop-portal be downgraded to Recommends?

Simon McVittie smcv at debian.org
Thu Dec 19 14:50:39 GMT 2019 

Control: clone -1 -2
Control: retitle -2 should flatpak -> xdg-desktop-portal be downgraded to Recommends?
Control: reassign -2 flatpak
Control: severity -2 wishlist

On Wed, 18 Dec 2019 at 17:57:25 +0100, Martin F Krafft wrote:
> I only use Flatpak for us.zoom.Zoom, which works just fine
> without the process. So it's actually more a Recommends than a Depends.

Strictly speaking yes. I think this is close to the borderline between
Depends and Recommends; breaking this off into a separate bug while I
think about which side of the line it ought to be on.

The reason I originally added a hard dependency from flatpak on x-d-p is
that the documents portal, which used to be part of flatpak, was moved
into x-d-p - so not depending on x-d-p would have been a functional
regression. Before that, the dependency chain was:
flatpak Recommends x-d-p-gtk | x-d-p-backend, x-d-p-gtk Depends x-d-p.

Flatpak *can* do useful things without x-d-p, but it will break most apps'
expectations - it provides an "API" to apps, and x-d-p is part of that
"API". As time goes on and Flatpak apps (hopefully) get better-sandboxed,
x-d-p will become increasingly necessary.

Zoom is (probably) unaffected by absence of x-d-p because all of the
permissions it requires happen to be things that are currently done
"statically" by Flatpak, rather than going through a portal. However,
perhaps relatedly, its permissions are worryingly broad for proprietary
software: it has full access to the home directory, devices and
PulseAudio.

Ideally it would either use xdg-desktop-portal to mediate access to files,
or use --persist to have its own fake home directory, or both; and ideally
it would use x-d-p's webcam portal instead of devices=all, but that won't
work until Pipewire is widespread (and would also require code changes
in Zoom, which leaves you at the mercy of proprietary software updates).

The other category of applications I can immediately think of that might
be OK without x-d-p is simple, self-contained games that confine all their
filesystem accesses to one directory and don't open files interactively
(for example OpenArena, but not anything that has a File->Open...-style
interface for loading levels or mods or whatever).

    smcv

More information about the Pkg-utopia-maintainers mailing list