My application has been packaged by the community on flathub. I would like to officially take ownership of it, and make it a verified app. Is there a way to either 1) move the flatpak github repo into my github organization, or otherwise 2) gain control over the flatpak repository in the flathub org in a way which I can add/remove people to it?
It’s often really usefull to tell us which one.
And no it’s not possible to move the flatpak repository elsewhere. This is how the infrastructure work to build flatpak. Hopefully it only contains the manifest. Nor is it possible to grant more than just write permission, which is all that is needed to update the package.
And no it’s not possible to move the flatpak repository elsewhere. This is how the infrastructure work to build flatpak. Hopefully it only contains the manifest. Nor is it possible to grant more than just write permission, which is all that is needed to update the package.
How is the decision handled to grant write access to flathub flatpaks? How can I know that if I verify an app on flathub, the flathub admins won’t grant write access to someone else who requests write access who I don’t know?
as mentionned above, file an issue where indicated. Don’t forget to mention which package it is, because so far you have not answered this question.
Due diligence will be made to check.
Verification via github require permissions on the upstream repo (based on the app-id) or permission on the upstream website.
I can file an issue. My question is agnostic to any specific package though so I did not think I needed to mention the package name here. I have looked through the flathub docs and could not find any details on the security of who is granted write access to the repositories. I have twice emailed the flathub admins, as instructed here Submission | Flathub Documentation, under " Someone else has put my app on Flathub—what do I do?", but I have gotten no replies. Are you a flathub admin?
Do you have any more information on “Due diligence will be made to check.”?
Essentially I am trying to figure out how I can ensure you aren’t going to backdoor my app after I verify it via proving DNS control. Or grant write access to someone who will backdoor it.
You started with that without telling which application. That didn’t sound like a general question.