mirror of
https://github.com/flatpak/flatpak.git
synced 2026-03-09 02:33:00 -04:00
5c59f1b2a8
SHA1 hashes are considered weak these days. Some distributions have static analysis tools to detect the use of such weak hashes, and they get triggered by flatpak. While this particular use of SHA1 in flatpak is likely not security sensitive, it's also easy to move to SHA256 to avoid any debate. Here, the SHA1 hash of a named remote's filter file is used to generate the name of the directory where the refs from that remote are cached. One can reasonably assume that the cache is frequently invalidated because the list of refs on the remote changes all the time. Hence, it's not big problem if it gets invalidated once more because of this change.
Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux.
See https://flatpak.org/ for more information.
Community discussion happens in #flatpak:matrix.org, on the mailing list, and on the Flathub Discourse.
Read documentation for Flatpak here.
Contributing
Flatpak welcomes contributions from anyone! Here are some ways you can help:
- Fix one of the issues and submit a PR
- Update flatpak's translations and submit a PR
- Improve flatpak's documentation, hosted at http://docs.flatpak.org and developed over in flatpak-docs
- Find a bug and submit a detailed report including your OS, flatpak version, and the steps to reproduce
- Add your favorite application to Flathub by writing a flatpak-builder manifest and submitting it
- Improve the Flatpak support in your favorite Linux distribution
Hacking
See CONTRIBUTING.md
Related Projects
Here are some notable projects in the Flatpak ecosystem:
- Flatseal: An app for managing permissions of Flatpak apps without using the CLI
- Flat-manager: A tool for managing Flatpak repositories