I’m new to Linux and GNOME and know absolutely nothing about either.
I use Linux Mint because it seems to give me the most Windows-like UI.
Now my question:
I regularly get proposed updates for the installed software via the built-in update application. Most updates are accompanied by a short description of the Flatpak. I recently got an update proposed for GNOME, with no such short descriptive information; the only info I have is that the old version of the GNOME software is 1ad35c08f9 and the update is version cbd6597a7a.
How do I know if the proposed GNOME update is legitimate (free of malware)?
Generally, your distribution is responsible for ensuring that the updates it releases don’t have malware. They usually sign the updates, to make sure that they actually come from your distribution. If you stick to installing software from official sources, or places like Flathub, you’re as safe as any of us from malware.
Some things you can do as a user, like installing third-party software via your package manager, will have you either add more signatures to the “list of trusted software sources” or have you turn off signature checking entirely. At that point, you’re not just trusting your distribution but also the source of third-party software to not send you malware, and usually that third-party source is a lot less trustworthy. This is part of the reason copy+pasting commands from random tutorials on the internet is usually dangerous.
Anyway, Linux Mint doesn’t use GNOME as a desktop and instead uses Cinnamon. I’m unsure what exactly that update would be updating - definitely not all of “GNOME”. You should probably go ask about it in a Linux Mint community space.
Having no descriptive information doesn’t imply it’s bad / malware’ish and vice versa.
It’s not clear what package you’re referring to here (let’s assume package ABC), but my guess would be that Linux Mint has updated package ABC from git version 1ad35c08f9 to cbd6597a7a. Since it’s a git → git based release (meaning not a formal release), the release notes might not have been officially updated in package ABC, which is what generally gets displayed in the Updater UI. Hence the empty update info.
That’s just a guess. Best thing would be to always post in Linux Mint forums first for Linux Mint specific questions, before posting in GNOME discourse.