Description
No matter how hard we try, GNOME developers will fail to write secure code when using unsafe languages like C: it's just too hard. Unsandboxed applications will never be safe, so it's time for GNOME distributors to move away from shipping traditionally-packaged applications and embrace Flatpak instead. The Flatpak sandbox can save users from the consequences of our mistakes, but widespread abuse of sandbox holes on Flathub prevents us from actually providing the security and privacy guarantees that our users deserve. To close the holes without introducing user experience regressions, we'll need to improve our desktop portals.
Also: learn about GNOME's new security bug bounty program, how GNOME can reduce bogus CVEs, and how you can help GNOME improve tracking of security vulnerabilities.
Author(s) Bio
Michael has been contributing to GNOME software development since 2013. He previously served on the GNOME release team for nine years, and currently maintains Epiphany (GNOME Web), GNOME Chess, and glib-networking. Michael also contributes to WebKit and Fedora Workstation.
| Presentation Type | In Person |
|---|---|
| Pronouns | He/him |