They’re saying that the developer could be publishing source code which has nothing to do with what they’re bundling and distributing as a Flatpak here. Unless you or a trusted third party (e.g. your distro) compiles the Flatpak from the published source code, there is nothing that links the published source code and the contents of the Flatpak.
you can. in that case compilation step is replaced with downloading a binary.
compare steam and workbench manifests. in the first case manifest instructs to download a binary and copy stuff into the right place, in second one - to use meson buildsystem, it does everything for you.
They’re saying that the developer could be publishing source code which has nothing to do with what they’re bundling and distributing as a Flatpak here. Unless you or a trusted third party (e.g. your distro) compiles the Flatpak from the published source code, there is nothing that links the published source code and the contents of the Flatpak.
flatpak bundles in flathub repository are built by flathub build bot.
Hmm, interesting. But can’t you also upload proprietary programs onto FlatHub?
Admittedly, I’ve never researched much about Flatpak specifically…
Yes but then the bot won’t say that the code is open source.
The list above is information about the specific package. Eg if it did require hardware access, it would say so instead of saying it doesn’t.
you can. in that case compilation step is replaced with downloading a binary.
compare steam and workbench manifests. in the first case manifest instructs to download a binary and copy stuff into the right place, in second one - to use meson buildsystem, it does everything for you.
pretty much the same as, for example, rpm