On Wed, Nov 9, 2016 at 7:58 AM, Jiri Eischmann <eischmann@xxxxxxxxxx> wrote: > Matthew Miller píše v Út 08. 11. 2016 v 13:30 -0500: >> On Tue, Nov 08, 2016 at 07:14:37PM +0100, Jiri Eischmann wrote: >> > Another solution would be shipping Fedora Workstation with trusted >> > remotes with flatpak runtimes enabled. It's not a long list right >> > now, >> >> What criteria are there for "trusting" a runtime? Will users be able >> to >> trace the sources that these runtimes are created from and the build >> process used? > > Do we really require the same from other 3rd-party software? > I wouldn't mind a big fat warming "You're installing a 3rd-party app > which will pull in a 3rd-party runtime, Fedora takes no responsibility > for those". The word "trusted" actually has meaning. It can mean we (the Fedora project) believe the application being provided is of high quality and known to work. It can mean it is secure and will not install rootkits or leak privacy information. It can mean a lot of things. However, you absolutely cannot call it trusted and slap a big fat warning on it disavowing it as 3rd-party with no responsibility from Fedora. So either they are trusted to some degree or they are not. Words mean things. > Like with other 3rd-party software, I think it's better if we help > users download the runtime from the official repository than letting > them find it in the wild. > > Don't get me wrong, I have nothing against reasonable criteria for > inclusion, but without double standards. You're raising the standards by calling something trusted. If it isn't trusted, don't call it as such. josh _______________________________________________ desktop mailing list -- desktop@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to desktop-leave@xxxxxxxxxxxxxxxxxxxxxxx
