Between my Gentoo and Adwaita Nothing experiments, there’s a rather wide gulf in philosophy. Gentoo would suggest that the user have absolute control of the software installed on the system. Adwaita Nothing, or more properly the FreeDesktop way of doing things, would respond that applications are inherently untrustworthy, and should therefore be sandboxed alongside all necessary dependencies - in essence that Flatpak should be the only medium of app publishing.

I don’t know if anyone would make that point so bluntly, but I think it follows from the idea that the security model of DBus is that untrusted applications must be prevented from accessing DBus.[1] When I first heard this, I thought to myself “that’s not how security works”, but after the first few chapters of The Book of Kubernetes, I can see that Flatpak is actually what implements the principle of least privilege here.

This line in particular strikes me:

If you have access to the user’s session bus, then you are a trusted/unsandboxed process with full permissions to do absolutely anything on the bus. This is fundamental to the Linux desktop security model and must be understood.

And so one can see my two experiments as a dialogue between computing models; and one is clearly winning.

I had some pretty high praise for Adwaita Nothing in my previous post, but let’s check in on how my Gentoo experiment is doing.

The Limits of Absolute Control

You would think that a distro focused on total control and compilation from scratch would provide the opportunity to build any arbitrary version of software, but this isn’t the case. If I look at the gnome-base/gnome-shell package, I see the latest version available is 48.7. The issue with that? GNOME 48 is end of life as of March 14th. To be fair, Red Hat Enterprise Linux is still on 47; but RHEL has corporate resources backporting security and bugfixes.

But I’m not running gnome-shell. The real annoyance for me has been trying to build GNOME Circle apps that were designed for Flatpak and rely on versions of projects like glib, gjs, and vte that are newer than Gentoo provides. This has led to a lot of Frankenstein-style tinkering with /usr/local. I should learn to maintain an ebuild overlay at this point; but the way I’ve been going skews more BLFS than Gentoo.

Maybe that’s how I salvage this experiment - a custom overlay. It’d certainly give me a deeper sense of what goes into a GNOME installation. Because so far, Adwaita Nothing has been absolutely dominating.

Synthesis

What if I could build my own flatpaks? I can, of course. And that would be the best of both worlds, right? I’d only need to bump packages that need to exist on the bare system (like Nautilus). Everything else could just have the necessary package versions within each sandbox. Then I’d have both the security model and the total control!
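The quoted line about the session bus and the plan to build my own flatpaks meet at one concrete check: before (or after) building an app, look at what it was granted on the session bus. The script below is an added example, not code from this post, from Flatpak or from flatpak-builder. It reads either the GKeyFile-style `metadata` file flatpak installs beside each app (the `[Context]` and `[Session Bus Policy]` groups) or the `finish-args` list from a flatpak-builder manifest, which is what ends up in those groups, and classifies the result. The app name `org.example.Terminal` and all sample inputs are constructed for the example; the one real fact it leans on is that `--talk-name=org.freedesktop.Flatpak` lets an app run commands on the host, so it is treated as equivalent to no sandbox at all.

```python
"""Classify how much of the user's session bus a Flatpak app can reach.

Added example; not code from the original post, from Flatpak or from
flatpak-builder. Inputs: the GKeyFile-style `metadata` file flatpak installs
beside each app, or the finish-args list from a flatpak-builder manifest.
All sample inputs below are constructed.
"""
import configparser
from dataclasses import dataclass, field

# org.freedesktop.Flatpak is the sandbox's own portal for spawning commands
# outside the sandbox (flatpak-spawn --host); talk access to it is host access.
HOST_EQUIVALENT = {"org.freedesktop.Flatpak"}
GRANTING = ("talk", "own")


@dataclass
class Finding:
    app: str
    level: str                      # full-bus | host-equivalent | scoped | none
    reasons: list = field(default_factory=list)


def _semicolon_list(value):
    return [v for v in value.split(";") if v]


def finish_args_to_policy(args):
    """Reduce finish-args to (sockets, {bus_name: rule}), the way flatpak-builder
    records them in metadata. A later arg for the same name overrides an earlier one."""
    sockets, policy = set(), {}
    for arg in args:
        opt, _, val = arg.partition("=")
        if opt == "--socket":
            sockets.add(val)
        elif opt == "--talk-name":
            policy[val] = "talk"
        elif opt == "--own-name":
            policy[val] = "own"
        elif opt == "--no-talk-name":
            policy[val] = "none"
    return sockets, policy


def metadata_to_policy(text):
    cp = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    cp.optionxform = str  # bus names are case-sensitive; keep them as written
    cp.read_string(text)
    app = cp.get("Application", "name", fallback="<unknown>")
    sockets = set(_semicolon_list(cp.get("Context", "sockets", fallback="")))
    policy = dict(cp["Session Bus Policy"]) if cp.has_section("Session Bus Policy") else {}
    return app, sockets, policy


def classify(app, sockets, policy):
    f = Finding(app=app, level="none")
    if "session-bus" in sockets:
        # The line the post quotes: a process on the session bus is trusted.
        # Per-name policy is irrelevant once the whole socket is exposed.
        f.level = "full-bus"
        f.reasons.append("--socket=session-bus: unfiltered session bus")
        return f
    for name, rule in policy.items():
        if name in HOST_EQUIVALENT and rule in GRANTING:
            f.level = "host-equivalent"
            f.reasons.append(f"{name}={rule}: can run commands on the host")
    if f.level == "none":
        granted = [f"{n}={r}" for n, r in policy.items() if r in GRANTING]
        if granted:
            f.level = "scoped"
            f.reasons.extend(granted)
    return f


def audit_metadata(text):
    return classify(*metadata_to_policy(text))


def audit_finish_args(app, args):
    return classify(app, *finish_args_to_policy(args))


# Constructed sample: a terminal app that asked for the entire bus ...
SAMPLE_METADATA = """\
[Application]
name=org.example.Terminal
runtime=org.gnome.Platform/x86_64/48

[Context]
shared=network;ipc;
sockets=x11;wayland;session-bus;

[Session Bus Policy]
org.freedesktop.Notifications=talk
"""

# ... and the finish-args a least-privilege rebuild of it might use instead.
SAMPLE_FINISH_ARGS = [
    "--socket=wayland",
    "--talk-name=org.freedesktop.Notifications",
    "--own-name=org.example.Terminal",
]

if __name__ == "__main__":
    for f in (audit_metadata(SAMPLE_METADATA),
              audit_finish_args("org.example.Terminal", SAMPLE_FINISH_ARGS)):
        print(f.app, f.level, "; ".join(f.reasons))
```

The point of the `full-bus` short-circuit is the one the quote makes: once `--socket=session-bus` is granted, every `--talk-name` line is decoration, because the app already has what an unsandboxed process has. Running this over the `metadata` files under the flatpak installation directories is a quick way to find which apps a custom rebuild should tighten first.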