Anyone know anything about the Riot Flatpak package and that process? I'm not keen to reenable their Debian apt repo given their shoddy security practices.
While the app isolation of Flatpak sounds great, I have a vague recollection that some of their repository practices left a lot to be desired. .hc Abel Luck: > Also remove the signing key: > > $ sudo apt-key del "6FEB 6F83 D48B 9354 7E7D FEDE E019 6452 48E8 F4A1" > > Hans-Christoph Steiner: >> >> Also, more bad news: it seems they kept their GPG signing key for their >> Debian packages online: >> >> https://github.com/matrix-org/matrix.org/issues/364 >> >> You should immediately remove the riot Debian repo since the install >> process of deb packages runs things as root. You can see whether your >> Debian-ish machine has this repo by doing: >> >> $ grep riot.im /etc/apt/sources.list /etc/apt/sources.list.d/* >> >> .hc >> >> Abel Luck: >>> Also folks: >>> >>> If you still have Riot open and it hasn't logged you out yet, you need >>> to export your E2E room keys so you don't lose your chat history. >>> >>> Click your profile icon in the top left >>> Choose settings, then security >>> Click export E2E room keys >>> Create a new secure password you store in your password manager to >>> encrypt the keys with >>> Save them and await for the service to come back so you can import them >>> again >>> >>> ~abel >>> _______________________________________________ >>> List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev >>> To unsubscribe, email: [email protected] >>> >> > _______________________________________________ > List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev > To unsubscribe, email: [email protected] > -- PGP fingerprint: EE66 20C7 136B 0D2C 456C 0A4D E9E2 8DEA 00AA 5556 https://pgp.mit.edu/pks/lookup?op=vindex&search=0xE9E28DEA00AA5556 _______________________________________________ List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev To unsubscribe, email: [email protected]
