On Thu, Jan 26, 2023 at 8:25 AM Jiri Eischmann <eischmann@xxxxxxxxxx> wrote: > > Neal Gompa píše v Čt 26. 01. 2023 v 07:51 -0500: > > On Thu, Jan 26, 2023 at 7:43 AM Jiri Eischmann <eischmann@xxxxxxxxxx> > > wrote: > > > > > > Vít Ondruch píše v St 25. 01. 2023 v 18:01 +0100: > > > > > > > > Dne 25. 01. 23 v 15:59 Josh Boyer napsal(a): > > > > > On Wed, Jan 25, 2023 at 5:56 AM Vít Ondruch > > > > > <vondruch@xxxxxxxxxx> > > > > > wrote: > > > > > > I am not user of Bottles so I won't complain about this > > > > > > particular case, > > > > > > but the push towards (upstream) Flatpaks is unfortunate :/ > > > > > Can you elaborate on why you feel that way? > > > > > > > > > > > > I don't trust upstream Flatpacks. I don't trust they follow any > > > > standard > > > > except standard of their authors. > > > > > > I maintain both packages in Fedora and flatpaks on Flathub, so I > > > can > > > compare. The review to get an app to Flathub was as thorough as > > > Fedora > > > package review. In some ways even stricter. It's not like "it > > > builds, > > > it runs, you're good to go". They care about some standards, about > > > builds being verifiable etc. > > > The Flathub CI seems to be more extensive than what we have in > > > Fedora. > > > > > > > All of that is optional in Flathub too. That makes it inherently > > weaker. Firefox doesn't go through that, nor does OBS Studio. > > > > > > And I don't like Flatpacks, because their main advantage (their > > > > isolation) is also their biggest disadvantage. There can't be > > > > both > > > > without making compromises. If I am not mistaken, the isolation > > > > is > > > > also > > > > mostly myth, because it is disabled in most cases. > > > > > > Why? Apps come with permissions they require (which you can > > > override > > > btw). Just because some apps require access to your whole > > > filesystem > > > doesn't mean the isolation is a myth. You know the permissions, you > > > may > > > decide not to use such an app. None of the flatpaks maintained by > > > me > > > require this kind of access and are well isolated. > > > > > > > How are people supposed to figure out you can change app permissions? > > It's described precisely nowhere. For GNOME in particular, there's no > > way to review and update app permissions (either to open them up or > > close them further). KDE Plasma is getting this capability with KDE > > Plasma 5.27. > > I mentioned overriding the permissions only as a side note. I don't > think it's something that necessarily has to be advertised to users, > simply because it can break apps. > However, any user can review the permission beforehand and decide > whether they're OK with them or not. That's well advertised in GNOME > Software and KDE Discover already. > But we know that people don't read those. We also know that ISVs cannot generally be trusted with regards to the permissions they set for their own apps. This is literally why Android and iOS changed their model. If you want to encourage "upstream Flatpaks", you cannot do this reasonably with a "trust-developer" mindset, because there is no longer a check to keep them from doing stupid/malicious things. -- 真実はいつも一つ!/ Always, there's only one truth! _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue