I would recommend that Ubuntu either uses the Debian package as-is, or branches from the Debian packaging to apply whatever divergence is desired. I'd be happy to let Ubuntu maintainers of flatpak use the `ubuntu/*` namespace on Salsa for this, similar to how gnome-shell is packaged.
Obviously I'm only a Debian and upstream maintainer of Flatpak, and not an Ubuntu developer; if Ubuntu people want to diverge, that's their choice to make, although I would encourage prospective Ubuntu maintainers to consider the maintenance cost of divergence before diverging. > - unix 'wheel' group users can install and remove packages from configured > flatpak remotes, without password Where are you getting this from? From upstream, or from Ubuntu packaging? The upstream default is the wheel group, but the Debian packaging configures flatpak `--with-privileged-group=sudo`, which should mean that the privileged (root-equivalent) group is `sudo` rather than `wheel`. I would hope that Ubuntu inherits that configuration change. > As such, installation of new apps via flatpak should use polkit to authorise > the transaction - > whilst upgrades should not. Deleting the custom polkit policy (/var/lib/polkit-1/localauthority/10-vendor.d/org.freedesktop.Flatpak.pkla and/or /usr/share/polkit-1/rules.d/org.freedesktop.Flatpak.rules, depending which polkit version Ubuntu is using) might be enough to get this behaviour. Please see /usr/share/polkit-1/actions/org.freedesktop.Flatpak.policy for details of what will happen if those files are deleted. Please bear in mind that upgrading an app might require installing a new runtime for it to run on (for example, upgrading org.gnome.Recipes might switch its required runtime from org.gnome.Platform//40 to org.gnome.Platform//41, or upgrading com.valvesoftware.SteamLink might switch its required runtime from org.freedesktop.Platform//20.08 to org.freedesktop.Platform//21.08), so even if org.freedesktop.Flatpak.app-install requires authentication, it might be desirable for org.freedesktop.Flatpak.runtime-install to not require authentication. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1943480 Title: flatpak installation permission requirements different from ubuntu software To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/flatpak/+bug/1943480/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs