Dne 07. 01. 22 v 21:54 Major Hayden
napsal(a):
On 1/7/22 14:46, Jiri Konecny wrote:Bundling to ZIP is again the same issue. You have to download it from somewhere and from my PoV that is a bigger problem than not being able to validate the content.
I would like to do here a bit of brainstorming and ask if there is an existing solution to this problem. To explain my problem,
recently I found more and more apps likes terminals, prompt and command line tooling, which are great to use but not
packaged or are outdated in our repositories. The reason for this is simple. These apps are written in languages like Rust or
Go which works the way that there are plenty of smaller libraries and these are really a hell to package or maintain in
Fedora. On the other hand it's pretty simple to build it from the source (most of the time) but hard to split it into packages.
Oh gosh, yes, this has been a problem for me for a while. I maintain azure-cli, which has a few subpackages. It depends on about 95 other Azure Python SDK components which depend on various Python libraries. Each of these must be carefully updated when the main azure-cli package is updated. 🥵
I would say, that for GUI apps we already done that. We have Flatpak which is doing great job to get these apps there
and motivate people to do that because it's then consumable on plenty of places. However, this is not really usable if you
need app which is core part of the system (like prompt) or emacs/vim which needs a lot of dependencies from the system
based on user configuration.
I do like Flatpaks for GUI applications.
For CLIs, I've seen people use container images since it's a single item that is easily updated. However, it's not always easy to determine how a container was built and the home of its sources. 😬
The cloud vendors seem to be moving towards bundling everything up into a zip file that you download and run. AWS now has their own crypto/hashing components and bundled Python in a zip. Google has a large zip with plenty of third party vendored content.
In general I'm thinking if we shouldn't "shift" our current packager is responsible for safe content to author is responsible for safe content. That is basically happening for Flatpak. It's much easier to package because you can "just take the binary" from author and don't care.
Partial solution to that is COPR. Which I'm taking as AUR (Archlinux). That is great but maybe there is something not specific for RPM but working out of the RPM world? That would be much better marketing for the authors to do the packaging.
I'm very interested to hear additional use cases and ideas.
_______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
_______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
