Non-sandboxed applications (basically anything provided by standard RPM or DEB distro packaging) have ‘unknown’ permissions in gnome-software’s internal model. Previously, this fact was stated explicitly (“Software has unknown permissions”).
That’s not particularly helpful to users. They don’t know what the permissions are, or what having unknown permissions means for how an application can be trusted. There’s a large amount of RPM/DEB packaged software out there and distros actually do a pretty good job of vetting it for malicious things. While the lack of sandboxing for such applications means that bugs in them can be exploited with sometimes wide-ranging effects (full access to the user’s home directory, for example), the applications can be trusted.
Let the user know that explicitly. Instead of saying the permissions are unknown, say that an application is not sandboxed and either comes from a (trusted) distribution repo, or from a (potentially less trusted) third party repo.
For GNOME 42 we can look at differentiating on the basis of sandboxing even more explicitly by (potentially) introducing a ‘trusted’ state for the tiles as a counterpoint to ‘safe’. It’s too late in the 41 cycle for that, though. See #1451 for that.
The differentiation between distro repos and third-party repos is done on the presence of the GS_APP_QUIRK_PROVENANCE quirk, which is set by the provenance plugin. In order to work correctly, this requires distros to configure the list of trusted repo IDs in the org.gnome.software.official-repos GSettings key. Fedora, for example, does this as a step in the gnome-software package install process.

As part of this, this commit removes the old handling of GS_APP_QUIRK_PROVENANCE: the strings weren’t entirely helpful, and it didn’t have a converse implemented.
Signed-off-by: Philip Withnall email@example.com
Fixes: #1450
Closes #1450
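As an added example (not part of this commit or of gnome-software’s own code), the shell below mirrors the decision the commit message describes: a non-sandboxed app whose repo ID appears in the org.gnome.software official-repos key is treated as coming from a distribution repo, anything else as third-party. It also shows how a distribution can ship that list as a GSettings override file. The real ways to read and apply the key are `gsettings get org.gnome.software official-repos` and `glib-compile-schemas`; the repo IDs, the `is_official`, `classify_repo` and `write_official_repos_override` helpers, and the GVariant-string parsing are constructed here for illustration and are not gnome-software APIs.

```shell
#!/bin/sh
# Constructed sample: what `gsettings get org.gnome.software official-repos`
# prints on a distro that has configured the key (a GVariant array of strings).
# These repo IDs are illustrative, not a statement of any distro's real config.
OFFICIAL_REPOS="['fedora', 'fedora-modular', 'updates', 'updates-modular']"

# What the same command prints when a distro has NOT configured the key:
# an empty typed array. With this value nothing is "official", so every
# non-sandboxed app falls into the third-party bucket.
UNCONFIGURED_REPOS="@as []"

# is_official REPO_ID GVARIANT_LIST
# Exit 0 if REPO_ID is one of the IDs in the GVariant string array, else 1.
# Parsing: drop a leading "@as " type annotation, the surrounding brackets
# and the quotes, put one ID per line, trim whitespace, then require an exact
# fixed-string line match (so "fedora" does not match "fedora-modular").
is_official() {
  repo=$1
  list=$2
  printf '%s\n' "$list" \
    | sed -e 's/^@as //' -e 's/^\[//' -e 's/]$//' -e "s/['\"]//g" \
    | tr ',' '\n' \
    | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' \
    | grep -qxF -- "$repo"
}

# classify_repo REPO_ID GVARIANT_LIST
# Prints the bucket the commit message distinguishes for non-sandboxed apps.
classify_repo() {
  if is_official "$1" "$2"; then
    echo "distribution"
  else
    echo "third-party"
  fi
}

# write_official_repos_override OUTPUT_PATH REPO_ID...
# Writes a GSettings override file (keyfile syntax: the schema ID as the group,
# the key as a GVariant-formatted value). A distro would install this under
# /usr/share/glib-2.0/schemas/ and then run `glib-compile-schemas` on that
# directory; the file name prefix used below is an assumption, not a rule.
write_official_repos_override() {
  out=$1
  shift
  ids=""
  for id in "$@"; do
    ids="${ids:+$ids, }'$id'"
  done
  printf '[org.gnome.software]\nofficial-repos=[%s]\n' "$ids" > "$out"
}

# Demo: run each constructed case through the classifier.
for repo in fedora updates rpmfusion-free-updates copr-example; do
  echo "configured:   $repo -> $(classify_repo "$repo" "$OFFICIAL_REPOS")"
  echo "unconfigured: $repo -> $(classify_repo "$repo" "$UNCONFIGURED_REPOS")"
done

# Demo: produce an override file (written to a temp path, not to the system).
demo_override=$(mktemp)
write_official_repos_override "$demo_override" fedora updates
echo "override file contents:"
cat "$demo_override"
rm -f "$demo_override"
# To apply for real, as root:
#   cp 50_distro-official-repos.gschema.override /usr/share/glib-2.0/schemas/
#   glib-compile-schemas /usr/share/glib-2.0/schemas/
```

The empty-array case is the one worth checking on a new distro package: if the key is left at its default, the new “not sandboxed, from a third-party repo” wording will be shown for every RPM or DEB application, including the distro’s own, which is exactly the outcome the commit says distros must avoid by populating the key.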