I was sort of cheeky with my ~/.ssh example, because I’m actually 100% on Yubikeys for my SSH private keys, so there’s only public keys in that directory now
It’s all about defense-in-depth: putting up as many barriers as I can before the getting inconvenienced more than I’d like, and flatpak is so easy for me to use that there isn’t any inconvenience at all
I was sort of cheeky with my ~/.ssh example, because I’m actually 100% on Yubikeys for my SSH private keys, so there’s only public keys in that directory now
But, with my setup ( https://gitlab.com/jokeyrhyme/dotfiles/-/blob/main/packages/flatpak-update.sh#L66 ) I run
flatpak override --user --nofilesystem=home ...for a few things like flatpak web browsers (really, I should run this for everything)It’s all about defense-in-depth: putting up as many barriers as I can before the getting inconvenienced more than I’d like, and flatpak is so easy for me to use that there isn’t any inconvenience at all