For instance, if Telegram is installed and I want to drag and drop a file, Flatpak will need wide file permissions:
Otherwise the error message File: [Path] is empty and can't be sent. appears.
I never used Flatpak (or Snap) before, so I wonder if there is a better way? It would be better if permissions are only granted if the file is explicitly dragged and dropped.
I can't say for sure but I suspect the issue is not with the drag and drop functionality per se, but with the directory your files originate from or are trying to drop them into.
A quick test you can run to confirm this is using the ~/Downloads directory as that's normally allowed to all Flatpaks by default. If it works, then you'd have to assign permissions on a per-directory basis. Otherwise, it may be an issue with the drag and drop itself, but I'm not sure how to work around that.
Yes, it is definitely a permissions issue. It can be fixed by altering that with Flatseal, but it would be of course way better if a simple drag and drop would be enought to (temporarily) apply the permissions and revoke them after dropping 
I don't think that's compatible with the security model behind Flatpak packages. These are intentionally designed to have restricted permissions, down to a bare minimum. Having a way to inform Flatpaks of existing files/directories without explicit prior permission kind of defeats the whole point of using them as it severely undermines the security they are meant to provide.
But, in any case, that's something for the Flatpak developers to consider.
Personally, I avoid Flatpaks as much as possible because of issues like this. There are quite simply not enough pros to out-weight the cons, although this is also up for each and every one to decide for themselves.
What do you use, if I may ask?
I stick to the default software repositories as much as possible. The reason being that, in distributions like Debian and derivatives (this inheritance reaches Zorin OS as well), the trend is to favor stability over novelty. This means a much slower release schedule that can be both a positive or a negative, depending on personal needs.
If I need something that it's not in the default repositories, or I need it at a different version than I what is available, I try searching for the package either in the developer's website (usually as pre-compiled binaries) or I compile from source myself. So far, this has been enough for me.
This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.
