If you care to trust random strangers with your secure messenger that’s a choice you can make (admittedly the desktop isn’t particularly secure to begin with but even more reason to use the actual org’s build imo). I’m sure christian heusel is very reputable.
I don’t consider “wanting a secure app to be installed through first party means” to be particularly unusual. I know in Linux it’s standard to just install random stuff from the internet with root. I’ve obviously done that myself, but for secure stuff I want first party. Making a flatpak wouldn’t be hard (they probably just need to review someone else’s work – it’s like an intern project)
So I went and looked it up, and signal-desktop is listed as a reproducible build, so theoretically you should be able to go and check that it conforms to the source
If you care to trust random strangers with your secure messenger that’s a choice you can make (admittedly the desktop isn’t particularly secure to begin with but even more reason to use the actual org’s build imo). I’m sure christian heusel is very reputable.
And you also need to trust your OS not taking screenshots of your apps or recording the text displayed onto your screen
There’s plenty of links in this chain, there’s a lot you need to be aware of if you’re going to those lengths. Pick your battles
My os does not do that
I don’t consider “wanting a secure app to be installed through first party means” to be particularly unusual. I know in Linux it’s standard to just install random stuff from the internet with root. I’ve obviously done that myself, but for secure stuff I want first party. Making a flatpak wouldn’t be hard (they probably just need to review someone else’s work – it’s like an intern project)
So I went and looked it up, and signal-desktop is listed as a reproducible build, so theoretically you should be able to go and check that it conforms to the source
https://reproducible.archlinux.org/
But this isn’t anything I’ve looked into myself, so feel free to look into it