How is it possible that Signal still only provides a .deb package and no .rpm, or even better AppImage or Flatpak? There is an unofficial Flatpak, but is it secure?
As a maintainer of another unofficial flatpak:
You can always check the source code of the flatpak (code that downloads the deb then runs it inside the flatpak sandbox) here: https://github.com/flathub/org.signal.Signal
Any of the current maintainers could add malicious code, but that would ruin their GitHub and, by proxy, Twitter and LinkedIn credibility.
Flathub have final say on what is built and hosted on their flatpak repository (Flathub != Flatpak) and are able to remove versions at will.
Personally I don’t understand the large warnings on flatpaks built by others; by that logic you should get a warning sign each time you download from the Ubuntu community apt repository.
OSS is built out of love, and to me this warns guilty before proven innocent.
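A first-pass check a reader could run over a Flatpak manifest like the one linked above, as an added example that is not part of the original thread or of the Flathub repository: it flags downloads that are not HTTPS, come from an unexpected host, or lack a pinned sha256, and sandbox permissions that are broad. The sample manifest, the `audit_manifest` helper and the `updates.example.org` host are constructed for illustration; the real manifest would first have to be loaded into a dict.

```python
import re
from urllib.parse import urlparse

# finish-args that largely defeat the sandbox for a messenger's data
BROAD_PERMISSIONS = {"--filesystem=host", "--filesystem=home", "--device=all",
                     "--socket=session-bus", "--socket=system-bus"}
SHA256_RE = re.compile(r"[0-9a-f]{64}")

# Constructed sample in the flatpak-builder manifest layout (not the Signal manifest).
SAMPLE_MANIFEST = {
    "app-id": "org.example.Messenger",
    "finish-args": ["--share=network", "--socket=wayland", "--filesystem=home"],
    "modules": [{
        "name": "messenger",
        "sources": [
            {"type": "file", "url": "https://updates.example.org/messenger.deb",
             "sha256": "ab" * 32},
            {"type": "file", "url": "http://mirror.example.net/helper.tar.gz"},
        ],
    }],
}

def iter_sources(modules):
    """Yield (module name, source) pairs, descending into nested modules."""
    for module in modules:
        if not isinstance(module, dict):   # a string entry points at another file
            continue
        for source in module.get("sources", []):
            if isinstance(source, dict):
                yield module.get("name", "?"), source
        yield from iter_sources(module.get("modules", []))

def audit_manifest(manifest, trusted_hosts):
    """Return a list of human-readable findings; an empty list means no flags."""
    findings = []
    for name, src in iter_sources(manifest.get("modules", [])):
        url = src.get("url")
        if not url:
            continue
        parsed = urlparse(url)
        if parsed.scheme != "https":
            findings.append(f"{name}: non-HTTPS download {url}")
        if parsed.hostname not in trusted_hosts:
            findings.append(f"{name}: unexpected download host {parsed.hostname}")
        # only file/archive sources are pinned by sha256 (git sources pin a commit)
        if src.get("type") in ("file", "archive") and not SHA256_RE.fullmatch(src.get("sha256", "")):
            findings.append(f"{name}: no pinned sha256 for {url}")
    for arg in manifest.get("finish-args", []):
        if arg in BROAD_PERMISSIONS:
            findings.append(f"sandbox: broad permission {arg}")
    return findings

if __name__ == "__main__":
    for line in audit_manifest(SAMPLE_MANIFEST, {"updates.example.org"}):
        print(line)
```

An empty result only means the manifest downloads what it claims from where it claims; it says nothing about the contents of the downloaded package itself.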
Well, I think you have to distinguish between a messenger and other programs, because a messenger has a lot of sensitive data.
I’m not a developer, so I can’t really check myself.
Been using the Flatpak for months and had no issues so far.
Could always do what looks like the Arch AUR package is doing and build it yourself from source. Or if you are running a Fedora/openSUSE distro you could find a package on COPR or something that converts a package from a .deb to .rpm and just change source and stuff to match Signal.
Sounds like a hacky way to do things, I don’t think I’m comfortable with that.
I have the official Signal Desktop flatpak installed through Discover. It exists.
This one? Because this is not official.
Yeah, I think it’s that one. Does Discover pull its content from flathub.org?
It says “by Signal Foundation” on it and 900,000 people have installed it so it seems good enough to me.
OP, what distro are you running? You mention a whole bunch of package formats they don’t provide, but never mention what format you require. Depending on the distro, making a build script (or converting the .deb) really isn’t Rocket Surgery ™.
Signal aims to be the messenger you can tell your grandma to use. To live up to that promise they have to provide more packages.
What percentage of Signal users is “grandma” that uses Linux and would be messaging from her PC? I would have to imagine the overwhelming vast majority of Signal users are on mobile only, so packaging for specific distros is probably far down the priority list.