misog

Here I researched the two options: 1. Github.com has API rate limits however they are sufficient. Because it takes just one (or three) API query/queries to search all Github.com for...

Hi, I encountered OpenShot video editor. It has no mention about appimage but it contain appimage releases: https://github.com/OpenShot/openshot-qt So maybe custom lists of known appimage projects in simple format is...

> > From average user perspective or from ain't nobody got time for that perspective, user wants to: > > * [x] install the most recent version of a package...

> > If companies publish hash sum of every appimage file (or software wrapped in the appimage) and URL of the hash sum (ex. sha512) located at their site with...

Yes, flathub recipes look good because they are configs... But they allow array of post install scripts from I saw and also even Krita is community-maintained on flathub when at...

> Why not use embedded digital sigatures for this purpose? Because embedded digital signatures are much more complicated to implement for all parties involved and that would prevent fast and...

Yes, wide support from two parties is needed: 1. Company which produces the software as AppImage file and publishes its hashsum on HTTPS website. 2. Distributor which distributes the AppImage...

Yes, that would be nice - but it should create hash that will be placed online. Anybody can alter hashes inside a package so it should not be trusted. There...

@TheAssassin > Please stop using the term "cryptographic hashsum"... you're talking about checksums, not hashsums, not cryptographic hash algorithms. Indeed I write about **cryptographic hash algorithms** which on Linux distributions...

> There is no apparent benefit, instead the attack surface is increased by changing the bit the user has to verify from a PGP key (fingerprint) to some URL. 1....