Requirements

• System programming (C)
• relevant network technologies
• ideally Linux container technologies
• Good communication skills

It would be a contracting gig, and you'll be joining a great team:

https://foundation.gnome.org/2023/11/09/gnome-recognized-as-public-interest-infrastructure/

Send resume/portfolio to stf@gnome.org

2/2 🧵

and i think a dns angle matters. I.e. local name resolution (i.e. via mdns and search domains) should be more privileged than resolving fqdns.

Impl. idea: define an xattr on cgroups that app sandbox reads and resolved reads and honours.

I really really wish it would be a capability based API, i.e. the portal taking a host (and socket type etc) and responding with an opened socket fd-passed, and that being the only way to connect to anything. (And the document portal should likewise do fd-passing instead of mounting magic FUSE filesystems..)

but of course that’s probably too much API change inflicted on app developers and we’ll always be stuck with janky sandboxes :(

There has to be an easy option to "torify" flatpaks aka using proxys. This currently is a huge inconsistent mess; some apps use system proxy settings, some use "hardcoded" proxy variables, others ignore all proxy variables completely, some have proxy settings inside the apps themselves.

It has to be easy for a user to use a proxy for flatpaks, mainly in the lights that many people have to leverage the Tor network for many things that are outside of the day to day internet activities.