There is a new minor version of MAT2, the 0.7.0, with new features: more security, new fileformats, minor UX improvements, … I wanted to finish the epub support to do a new release, but apparently the Debian people are freezing things for Buster is happening soon™, so some people asked me to do a release before it.
- Add support for wmv files
- Add support for gif files
- Add support for html files
- Sandbox external processes via bubblewrap
- Simplify archive-based formats processing
- The Nautilus extension now plays nicer with other extensions
Thanks to intrigeri who was looking for a pretext to play with bubblewrap, calls to external processes (like ffmpeg when dealing with video formats, exiftool for certain images formats, …) are now sandboxed with it.
Bubblewrap could be viewed as setuid implementation of a subset of user namespaces.
user namespaces, … those aren't words that I like very much,
because they often rhymes with "low hanging privilege escalation opportunities".
Feel free to read bubblewrap's source code
to make your own opinion about it, it's an optional dependency, so no need to
install it if you don't trust it.
The recommended way to install mat2 is via your package manager, because odds are that there is a cryptographic chain between the code that I have on my laptop and the package that you're installing: I'm signing the releases, the package maintainer is verifying the signature, creating the package, signing it, uploading it to your favourite distribution repositories, where their signature is verified, and the package is finally signed by the release key of the distribution, which is finally verified on your machine before effectively installing the package.
When you're doing a
pip install, the archive is downloaded from pypi.org over
https, and installed; usually in a virtualenv, sometimes system-wide. This is
bad, you shouldn't be doing that, ever.
If you really want to use pypi, you can verify the package's signature by
.asc at the end of the tgz/whl file.
Yay for external contributors, hurray for new supported fileformats, and as usual, help is more than welcome.