[…] water resistance is one of those things phones love advertising but nobody ever notices.
Water resistance is something I do not want to notice because if I notice it, it means it has failed. Do I trust it completely? Hell no. Do I prefer to have it? Hell yea!
Fair enough, let me rephrase. I'm willing to negotiate about ads, the exact boundaries yet to be discussed. My privacy and my data are absolutely off limits, especially if they're gonna pretend it's not even about these.
I expect the Flatpak sandbox to protect my / from getting cluttered by applications, not to protect me from any actually malicious software. The post's premise seems misguided.
I'd be fine with ads, but Google's policy is only superficially about ads. They want surveillance and user profiling, not ads. Ads are just a way to deliver these. Over my dead body.
From where would you get the public GPG to verify the signature with? How do you know this specific key is the one to trust? Like @tony above said, the best verification when you have no pre-existing trusted channel is the SSL certificate of the website you get the ISO from.
That's a question that occurred to me during this discussion too. Please ping me if you'd get an answer. I'm not a Nintendo person, so I'm not sure where to even start researching that.
It is, but so is Windows. There is also a barely visible small text about it, right next to the trademark and copyright information nobody reads. It's quite well hidden.
Both the dev and his game are amazing. Highly recommended.