On Thu, 2023-01-26 at 14:55 +0100, Jiri Eischmann wrote: > Robert Marcano via devel píše v Čt 26. 01. 2023 v 09:00 -0400: > > On 1/26/23 8:42 AM, Jiri Eischmann wrote: > > > Vít Ondruch píše v St 25. 01. 2023 v 18:01 +0100: > > > > > > > > Dne 25. 01. 23 v 15:59 Josh Boyer napsal(a): > > > > > On Wed, Jan 25, 2023 at 5:56 AM Vít Ondruch > > > > > <vondruch@xxxxxxxxxx> > > > > > wrote: > > > > > > I am not user of Bottles so I won't complain about this > > > > > > particular case, > > > > > > but the push towards (upstream) Flatpaks is unfortunate :/ > > > > > Can you elaborate on why you feel that way? > > > > > > > > > > > > I don't trust upstream Flatpacks. I don't trust they follow any > > > > standard > > > > except standard of their authors. > > > > > > I maintain both packages in Fedora and flatpaks on Flathub, so I > > > can > > > compare. The review to get an app to Flathub was as thorough as > > > Fedora > > > package review. In some ways even stricter. It's not like "it > > > builds, > > > it runs, you're good to go". They care about some standards, about > > > builds being verifiable etc. > > > > That doesn't seems to be enforced because many builds scripts just > > download binaries built by other projects, for example; > > > > https://github.com/flathub/org.gnome.gitlab.somas.Apostrophe/blob/master/org.gnome.gitlab.somas.Apostrophe.json#L89 > > > > Note: building the entire pandoc and TeX toolchain is very hard and I > > understand this example packager decision, but It doesn't make more > > trustful that version that one on Fedora. > > > > Flathub is definitely more flexible at that. I was involved in the deal > with Mozilla which was not willing to do special builds in Flathub > infra since from their point of view it was more secure to use builds > done in their infra and just upload them to Flathub. We still found > having official builds from Mozilla and Mozilla officially endorsing > Flathub more beneficial than having Firefox rebuilt by a 3rd party in > Flathub infra. > > But Flathub is still a curated repo. If you want to deviate from > standards you have to justify it, if you're doing something fishy your > flatpak may be taken out. But ultimetaly you have to trust the author, > but that applies to Fedora, too, just to lesser extend. Firefox is an interesting example, though, because it's *exactly* a case where I trust the Fedora builds more than I trust upstream's. Mozilla makes some, to me, sub-optimal choices in search of revenue; this isn't a dilemma Fedora has. (This is also why I run Fennec, not Mozilla's Firefox, on Android). This was one of the main nits I had running Silverblue on my main system for a while, actually - the baked- in Fedora firefox package couldn't play h264 video, to which a common 'fix' is to just install the Mozilla flatpak instead, but I didn't want to do that because I'd much rather have a Fedora packaged build. -- Adam Williamson Fedora QA IRC: adamw | Twitter: adamw_ha https://www.happyassassin.net _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
