On Monday, June 5, 2023 1:37:24 PM EDT Stephen Smoogen wrote: > On Mon, 5 Jun 2023 at 13:32, Michael Catanzaro <mcatanzaro@xxxxxxxxxx> > > wrote: > > On Mon, Jun 5 2023 at 01:13:50 PM -0400, Demi Marie Obenour > > > > <demiobenour@xxxxxxxxx> wrote: > > > zlib should be added to the standard freedesktop.org runtime if it is > > > not > > > already included. > > > > zlib is included in both freedesktop-sdk and also GNOME runtimes, so > > nobody should need to bundle it. > > > > Michael > > The problem I see in these conversations are: > > 1. What is a flatpak and what does it mean to have an application in it? Is > it everything bundled in it or does it use layers? > 2. So there are these 'SDKs' that people mention? What is in them? How are > they built? How are they updated? Who maintains them and how can we > 'verify' in the 'trust and verify' method (aka source code, build flags, > build system). > > I think a FAQ around these and others would probably cut down a lot of the > uncertainty and doubt people feel. Yes. And how does it's security model work? What is the root of trust? Are they signed by a Fedora key that I already have? How can we verify it's integrity? Once installed, how do I verify it's integrity? How do I check if anything has been modified? Does it integrate well with SE Linux, IMA, fapolicyd, or openscap? On a locked down system, are there sysctls that I have undo such as user namespaces? If an app coredumps, does a problem report get generated? Who gets it? -Steve _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
