On Thu, Nov 7, 2013 at 9:48 PM, Lennart Poettering <mzerqung@xxxxxxxxxxx> wrote: > On Thu, 07.11.13 20:09, Miloslav Trmač (mitr@xxxxxxxx) wrote: >> Is there a technical reason why we can't use their packaging format, >> interpreting it with our technologies but staying compatible? > > Well, the most relevant bit is that they use apparmor for > sandboxing. Nobody else uses that. Are the packages expected to ship their own apparmor policy? That would appear to be at odds with the idea of protecting against malicious packages. If they aren't expected to ship their own, could we implement the same sandboxing policy using SELinux? (https://wiki.ubuntu.com/AppDevUploadProcess seems to suggest Ubuntu will be using some higher-level "profile" format, not raw AppArmor.) > And I don't think it is a good idea to use .deb as an image format. .deb is just an ar archive; if this were the only difference, it would not be worth fragmenting the ecosystem over IMHO. (Especially if the GNOME apps alternative is a "compressed disk image", which saves disk space and costs extra CPU time and memory, making exactly the wrong tradeoff in most situations AFAICS.) Mire -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
