I think that other stores and social platforms are making the word "verification" gain a bad reputation, due to the bureaucracy and fees, and it is not the case here.
At the same time, I think that the verification mark does not work as some people may expect. Flatpak has become a popular way to sandbox privative apps that are non-free Electron dumb frontends that interact with a cloud SaaS. Discord is a verified Flathub application and it probably sends information about the computer such as the list of processes as part of their telemetry.
The point is that this verification process will prevent running apps that have been packaged without the knowledge of the original developer (someone packaging malicious code inside existing apps and deploying them to Flathub), but it will NOT prevent running apps that have additional surprises placed by the original developers in the first place.
I wish VSCodium was a viable alternative, but the sheer amount of unsupported first party plug-ins makes it a no-go. License issues prevent the C and C++ integration from working, remote editing is a halfway working unsupported hack which breaks with editor upgrades.
At least that was my experience when I tried to switch to a "modern" GUI editor. In the end I just stuck with neovim; it seems more reliable and has better working C/C++ integration and remote editing.
The C/C++ extension is open source with MIT license but the shipped extension binary contains MS proprietary binaries that are not as open [1]. I am not sure what will be the difference between using MS official build and compiling the source (there will be some for sure).
Yeah, Microsoft doesn't really support Flatpak. VSCodium is verified though and there isn't really any reason to use the proprietary VSCode anymore these days: https://flathub.org/apps/com.vscodium.codium
You are not allowed to ship the extensions outside of Microsoft's control. But nothing stops you from downloading the extension from the marketplace and installing them manually.
Or just use the registry anyway. Who's gonna check it?
I really wish we'd see more developers support and verify their apps. Steam, Signal, Chrome, etc. It's probably the most popular way to ship desktop apps on Linux at this point.
Verifying an app on Flathub is a simple and open process that only requires uploading a file into the .well-known tree of the developer website: https://docs.flathub.org/docs/for-app-authors/verification