I don’t consider “wanting a secure app to be installed through first party means” to be particularly unusual. I know in Linux it’s standard to just install random stuff from the internet with root. I’ve obviously done that myself, but for secure stuff I want first party. Making a flatpak wouldn’t be hard (they probably just need to review someone else’s work – it’s like an intern project)
So I went and looked it up, and signal-desktop is listed as a reproducible build, so theoretically you should be able to go and check that it conforms to the source
And you also need to trust your OS not taking screenshots of your apps or recording the text displayed onto your screen
There’s plenty of links in this chain, there’s a lot you need to be aware of if you’re going to those lengths. Pick your battles
My os does not do that
I don’t consider “wanting a secure app to be installed through first party means” to be particularly unusual. I know in Linux it’s standard to just install random stuff from the internet with root. I’ve obviously done that myself, but for secure stuff I want first party. Making a flatpak wouldn’t be hard (they probably just need to review someone else’s work – it’s like an intern project)
So I went and looked it up, and signal-desktop is listed as a reproducible build, so theoretically you should be able to go and check that it conforms to the source
https://reproducible.archlinux.org/
But this isn’t anything I’ve looked into myself, so feel free to look into it