"McQueen says in his blog, "Flatpak has, in my opinion, solved the largest technical issue which has held back the mainstream growth and acceptance of Linux on the desktop … namely, the difficulty for app developers to publish their work in a way that makes it easy for people to discover, download (or sideload, for people in challenging connectivity environments), install and use." - This statement has some truth in it, however, what about security? Let's see what McQueen has to say: "For Flathub to succeed, we need to make sure that as we grow, we continue to be a platform that can give users confidence in the quality and security of the apps we offer. To that end, we are planning to set up infrastructure to help ensure developers are shipping the best products they possibly can to users. For example, we’d like to set up automated linting and security scanning on the Flathub back-end to help developers avoid bad practices, unnecessary sandbox permissions, outdated dependencies, etc. and to keep users informed and as secure as possible." - Kind of generic, just how do we prevent the packager from incorporating malicious code in the package itself? So, the source and binaries are good, but in the package malicious scripts are inserted or the validation is removed. I'd like to see more details here.