On Tue, 2016-11-08 at 19:14 +0100, Jiri Eischmann wrote: > One solution would be giving apps an option to add a remote and > install > the required runtime from it, but Alex sees that as a potential > security issue. Yes. That's not acceptable. Third-parties surely must use some predefined set of runtimes to be compatible with Fedora. Previously it was proposed that we would support only Fedora runtimes, but no third-party developers will use that so I think it's a bad idea. > Another solution would be shipping Fedora Workstation with trusted > remotes with flatpak runtimes enabled. It's not a long list right > now, > pretty much just: FreeDesktop.org, GNOME, and KDE. Vast majority of > existing flatpak apps are using runtimes provided by these. If those > remotes were enabled in Workstation by default, then installing a > flatpak bundle such as LibreOffice would be just a matter of double- > clicking the file and approving the operation because > Software/Flatpak > could figure out the rest including installation of a runtime from > one > of the trusted remotes. I see half of a proposal here. You want FreeDesktop.org, GNOME, and KDE runtimes. Great, I agree. But we need to decide on which versions of those runtimes we will provide. FreeDesktop runtime is supposed to be an LTS, so we probably want to support all versions of that, whenever they are. But we can't support a new GNOME runtime every six months, nor a new KDE runtime every six weeks. So we have to make some decision on which versions are supported, and for how long, which versions are not supported. And that has to happen upstream of Fedora, or the "your app runs everywhere" compatibility guarantee goes out the window. My suggestion would be to have one GNOME LTS release every two years. I'll suggest eventually using the second release every odd-numbered year, to time it before an Ubuntu LTS, but we could bootstrap it with GNOME 3.22 or GNOME 3.24 or whichever. Then we'd support each of those for, say, 5 or 10 years, and not any versions in between. Ideally that would all be discussed and agreed upstream, so that other distros will follow what we do. What do you think about this approach? What do the other stakeholders think (Alex?)? Michael _______________________________________________ desktop mailing list -- desktop@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to desktop-leave@xxxxxxxxxxxxxxxxxxxxxxx
