I approached the Nautilus developers. They were friendly and welcoming, but they said that all platforms (Windows, Mac, Linux) are moving away from allowing untrusted executables to run outside of a sandboxed environment. It is highly likely that quite soon, Nautilus will no longer have the the ability to launch programs by double-clicking on them, even if they DO have execute permission. This means the question of prompting for execute permission is moot, because the program won’t run anyway.
They suggested this course of action:
- Add the AppImage MIME-type to the open-with list for a sandbox program.
- Double-clicking an AppImage runs it inside a sandbox.
- Add the AppImage MIME-type to the open-with list for GNOME Software.
- Double-clicking an AppImage opens GNOME Software and asks if the user wants to install the AppImage.
It may also be possible to modify the spec slightly to make AppImages valid flatpak and/or snap packages, but fully self-contained so that they can still be run independently of those packaging tools.
The bottom line from the lead developer for Nautilus was:
csoriano: [with] respect to the file manager: sandbox with perms framework? ok to run, otherwise, no