Announcement

Collapse
No announcement yet.

Team Silverblue Succeeds Fedora Atomic Workstation, Aims To Be In Great Shape By F30

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • #21
    Originally posted by Candy View Post
    I can use yumex or dnfdragora or gnome-software to install the appropriate rpm or deb package from the correct repositories (or even via terminal=.
    no, you can't. when there are no appropriate rpm or deb package, you just can't. and who is going to make packages for your today's choice of distro?
    Originally posted by Candy View Post
    But then: As long as Fedora keeps producing rpm packages side by side
    again who is going to work for you for free?
    Originally posted by Candy View Post
    For the sake of operability of Fedora, I don't see anyone who want's to turn these badly needed maintainers away.
    it is not like these maintainers have nothing better to do than doing monkey work

    Comment


    • #22
      Originally posted by pal666 View Post
      not, if they move gimp out of repo to flatpak
      Thats right of course! But we are not there yet!

      Comment


      • #23
        Originally posted by stormcrow View Post
        Ubuntu is apparently a Bantu word for "humanity", or so says Wikipedia. Canonical is a South African company and the idea behind their distribution is a simplified experience anyone can use as a desktop for common tasks. It makes a good deal of sense for a brand name
        if all your customers are native bantu speakers
        Originally posted by stormcrow View Post
        Every time I tried to double click the flatpak after installing flatpak support Ubuntu Software would immediately crash
        that is interesting, but slightly off fedora workstation topic

        Comment


        • #24
          Originally posted by pal666 View Post
          no, you can't. when there are no appropriate rpm or deb package, you just can't. and who is going to make packages for your today's choice of distro?
          again who is going to work for you for free?
          it is not like these maintainers have nothing better to do than doing monkey work
          You are missing one of my previous comments. Most modern distros have automated processes for generating (e.g.) RPM packages. But then. Even flatpacks need to be made... By people who are working for free... Their own choice by the way...

          Comment


          • #25
            Originally posted by Candy View Post
            Someone could release a faked flatpak somewhere on the net and the user installs it
            same thing with rpm or deb. why would user install this instead of official flatpak released by software vendor?

            Comment


            • #26
              Originally posted by Candy View Post
              You are missing one of my previous comments. Most modern distros have automated processes for generating (e.g.) RPM packages.
              no. they have process to rebuild rpm after human edited its .spec file. the whole point of flatpaks is to not require any human interaction *multiplied for each fucking distro*
              Originally posted by Candy View Post
              But then. Even flatpacks need to be made... By people who are working for free... Their own choice by the way...
              flatpaks need to be made *once for all distros* and by people who created software in the first place, just like they have to create tarballs anyway. those people have made choice, software exists. distro maintainers did not make choice, most software packages *are not packaged for any distro*, and we are talking about packaging for *all distros*

              Comment


              • #27
                Originally posted by pal666 View Post
                [...] by people who created software in the first place, just like they have to create tarballs anyway. those people have made choice, software exists [...]
                Aprox 10 years ago every of them said "It's up to the package maintainers (e.g. distro) to make packages. We only provide the sources!". Now you encourage them to wear the shoes by creating flatpaks...

                The only valid point here - which I fully agree with - is a base packaging format over all distributions. But this is more a wet dream by someone. Different distros have different philosophies. That's why there are so many different distros.

                Comment


                • #28
                  Originally posted by pal666 View Post
                  no. they have process to rebuild rpm after human edited its .spec file. the whole point of flatpaks is to not require any human interaction *multiplied for each fucking distro*

                  flatpaks need to be made *once for all distros* and by people who created software in the first place, just like they have to create tarballs anyway. those people have made choice, software exists. distro maintainers did not make choice, most software packages *are not packaged for any distro*, and we are talking about packaging for *all distros*
                  That's not... entirely true. A Flatpak targets a specific version of a runtime. These runtimes are not maintained indefinitely (not clear at this point how long they will be) and porting your Flatpak to a newer version of a runtime requires development effort. The upsides is you don't need to do that often and you can be sure your Flatpak won't break while using the exact same runtime version

                  Comment


                  • #29
                    Originally posted by Candy View Post
                    Technically wearing a space suit before leaving the house is also more secure than leaving the house by wearing normal clothes.
                    Technically speaking, no. A space suit's 2 main goals (keeping you in a pressurized environment AND distributing heat properly) are unnecessary in a pressurized environment like on the planet surface. Sure it would also provide decent NBC protection, but that's not anywhere near its main goal.

                    NBC suit/gear is not anywhere near as clunky, unwieldy, heavy deathtrap while actually providing the same level of protection a space suit would provide on a planet's surface. And this is closer to what Flatpack is.

                    Who says that the locking down sandboxing system is without errors ?
                    If a malicious attacker wants to hack a target without sandboxing he does not need to find out how to defeat the sandboxing. If there is also sandboxing, then the attacker doesn't just need to hack the program but also break the sandboxing.

                    The task is made harder, maybe not worth it, possibly impossible for long periods of time between the discovery of vulnerabilities.

                    Someone could release a faked flatpak somewhere on the net and the user installs it. The fake can be anything. Keylogger, Passwordlogger, Hidden advertisments and so on.
                    This is unrelated to my point. I said that compartmentalizing applications make them more secure, not that Flatpak applications are automatically trustworthy.

                    I would really like that (to work like Android where applications are actually untrusted and sandboxed by default), I hope that they will add something along these lines as it matures, because otherwise we are still going to have to rely on trusted repositories (like flathub for example) that enforce sane rules on flatpacks they offer.

                    In the meantime, just like with Debian packages and apt-sources, people making the packages themselves can (should) also release the "sources" of the package, aka the build manifest (its configuration) so people can build their own flatpack to his spec after they checked for bullshit permissions.

                    The main difference is that the build manifest isn't source code, it is human-readable even for non-developers. It's not hard to look into the build manifest for bullshit permissions, see here an example/explanation https://ramsdenj.com/2018/03/26/pack...h-flatpak.html
                    Last edited by starshipeleven; 05-02-2018, 04:43 PM.

                    Comment


                    • #30
                      Originally posted by pal666 View Post
                      not, if they move gimp out of repo to flatpak
                      and nothing prevents flatpaked apps to be run via simple icon or be installed via simple gnome software
                      Btw, I can install flatpacked applications with Discover (the Gnome Software equivalent for KDE Plasma) on OpenSUSE Tumbleweed the same way. Doubleclicking on a flatpack app link on the website or on a flatpack file opens Discover to install it.

                      Comment

                      Working...
                      X