With all the supply chain attacks in the Linux ecosystem, isn’t the natural solution to move to full application sandboxing?
Flatpacking is great but not all applications support it.
Is it too much of a hassle?
With all the supply chain attacks in the Linux ecosystem, isn’t the natural solution to move to full application sandboxing?
Flatpacking is great but not all applications support it.
Is it too much of a hassle?
I’ve always been curious about it, but felt like it might be a pain to try to use as a daily driver.
I’ve fairly thoroughly hardened my Void install, have an update and CVE audit workflow, and use firejail to sandbox any apps that make sense to sandbox. That feels more than enough for me.