On Sun, Jul 16, 2017 at 9:21 AM, Christian Dersch <lupinix@xxxxxxxxxxx> wrote: > I hope we will *never* reach that point, if we reach it, I have to move > to another Linux distribution which follows the rules of construction I > prefer. As a packager I know how much many upstreams love bundling (and > not updating bundled libs), IMHO Flatpak (in general) encourages them to > do that (yes I know, they can do also for RPM, but Flatpak makes it > easy). And outdated libraries are a high security risk (heartbleed etc. > ;)) and sandboxing can never save you from all possible impacts. > Sandboxing is an *additional* and as said in some other mail > *orthogonal* mechanism to clean packaging. I feel we lose many > advantages over operating systems like Windows if we open that door and > continue that way… [snip] > That said, for the optional availability of flatpak for packagers: I'm > perfectly fine with that, I'll just ignore it for my stuff. But if there > will be proposals which will change Fedora in a way that I think is > wrong, I'll be back to discuss them ;) Also I know from IRC that there > are more packagers thinking the same way. I'm definitely such a packager, so I figured I'd chime in and add my voice here. I agree completely. Six years or so ago, I installed a Linux distribution-- Fedora, as it happens-- for the first time, and was very quickly sold on the package management model as a method to distribute software. I became a Fedora packager because it seemed so self-evident to me that it was a better way to distribute software than either the Windows model or the smartphone application store model. These days I primarily use Fedora and only occasionally boot into Windows, and one of the things that helped more or less fully convert me to Linux was traditional package management. As an end-user, the only way I'd find the flatpakization of Fedora acceptable is if I could still do "[package manager] install firefox; firefox [options]" and have it launch Firefox, regardless as to how Firefox was packaged. (As an aside, I suspect a *lot* of people are going to complain if this sort of thing doesn't work if/when Firefox is turned into a flatpak). If so, I might consider continuing to *use* the distribution. But as a packager, I'm just not convinced the potential benefits of sandboxing are worth it, and would have to seriously consider whether I'm still interested in contributing to Fedora, if this were to happen. I can't presume to speak for anyone else, but it wouldn't surprise me to learn that there are other contributors who feel similarly-- who chose to contribute because they liked traditional package management and are now uncomfortable at the idea of replacing it. All that being said: I don't have any problem with Fedora growing the technology to build flatpaks and other packaging formats, as it already has for those who want to distribute and ship them. I think that there's nothing wrong with Fedora offering up a choice of images composed using technologies such as Atomic, flatpak, docker, and so on, for people with different usage cases. And I don't use Fedora Workstation, so if GNOME Software wants to advertise flatpaks over RPMs, that doesn't particularly bother me. So I have no issue with this particular change. But I felt like I should chime in here because this change thread has turned (as any discussion on flatpak seems to) into a general discussion on the future of packaging technology, and I've been uneasy for about a year now about the direction Fedora might go here. Ben Rosser _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
