Kind of yes though. Not just for UWP apps (obviously), but to add additional system components like net framework or applications required for specific "server roles" (in WinServer), yes it has.
Ummmmmmmmmmmmmmmmmm.... No?
Only two I know about is Arch and Gentoo, and both aren't "widely used" by any stretch. Well-known, yes (Arch users are smug and brag about it, "Install Gentoo" is a meme).

Depends from many factors. A lot of production software isn't particularly secure.

That's cute, but Android is and will always be an embedded systems OS. Which is an entirely different beast from something running on your desktop or server
Actually it's had package management from the beginning, both in the form of it's system package manager, and the programs it tracks through installers that allow you to remove software through the add/remove software settings pane. The only thing was it wasn't networked which UWP introduces. Nevermind that Chocolatey and friends have existed for a long time.

what starshipeleven said.


Just no.
Security is important, but not at all important for the requirement known as production use.

For something to be necessary for production use it must answer the question: Can it do X, Y, and Z. In this case X, Y, and Z being all of the things people expect a normal desktop and server OS to be able to do, of which self hosting is actually one of the most important, because if I can't self host then it's a royal pain in the ass to develop software for, not even developing the OS itself (And yes Android is a pain in the ass to develop for with it's requirements on using an emulator or sideloading onto your phone), and even beyond the list I made it's still missing a lot, it's just those were some of the most egregious bits for production usage.

You're very clearly not a developer but there's a reason we follow the mantra:
Make it Work. Make it Right. Make it Fast.

If I were to give you a calculator that for all purposes didn't work but was marketed to you as fast and secure you wouldn't want it. Meanwhile if I gave you a calculator that had a half second delay and screamed everything you typed into it over TCP, you wouldn't like it, but you'd be able to live with it and would chose it every day of the week over the calculator that was seemingly dead. Redox right now is basically equivalent to a calculator where only the plus function works. Until it has all 4 basic functions it's not going to be ready for production use.

I do too but you need to be realistic. It needs a lot of feature work before it'll be anything close to something you'll actually want to run day to day.

that's not a real package manager. it doesn't handle dependencies at all. it doesn't keep track of which files belong to which package. it doesn't even have any real concept of a package. it's just a list of executable uninstallers.

no. you've clearly never done any serious computer-related work. without security, your system is not yours.

I am a developer, and have been for 25 years. if it's not secure, it doesn't work. if it's not secure, it's not right. you obviously don't follow that mantra if you think security doesn't matter.

​ ​ Your claim is that it doesn't have any.
Security is an illusion. The only thing that's truly secure is the computer that is off and never runs, and that's not very useful now is it? Everything else is just waiting for a vulnerability to be uncovered whether in the software itself, or like you're freaking out about in the hardware.


​​

OMG......PLEASE NOT another Package Manager.

Why can't those unixoide OS guys not just get their act together and ALL work on ONE package manager.
Put all combined effort to get it down to ONE PACKAGE MANGER. Even for both .DEB and .RPM etc.

PLEASE keep in mind third party software companies.

Why are so many companies holding back on writing software for NON-Windows-OS?

Because everybody wants their own sauce and own thing.

Why not bringing the good ideas, improvement ideas, etc. to ONE Package Manager.

It will still be challenging enough for third party developers to make it run on various Linux and Co.


So, DEAR OSS Community...... don't further expand the fragmentation. The only winner would be M$ !!!

Well it def wouldn't be either of those two. They are colossally f'ed up, complicated and slow.

If you want one to rule them all it's probably PkgSrc from NetBSD.. several ppl have ported it to other OS's and speak highly of it. Redox is taking inspration from quite a lot of Unix type systems, BSD, Solaris and Plan9 and the Unix community doesn't really care that much what Linux is doing and vice versa. Linux seems to want to drift away from Unix and... well so be it.

You don't seem to understand what RedoxOS is. It's a *nix like/POSIX OS written entirely in Rust. They needed to write a new package manager in Rust. If you know a package manager written in Rust, feel free to shut me up. Otherwise, quit complaining.

Bruce Schneier is considered a leading expert in information security, and for what it's worth Luke_Wolf is making his arguments. That is, security is always a secondary concern. A secure Word Processor that can't open my documents, a secure banking application that won't let me withdraw my money, a secure web browser that can't open my favorite website - they're all useless.

Sure, or plenty of other package formats like the X Binary Package System (xbps) pioneered for Void Linux or the Nix Package Manager.

On their Gitlab page it states, "The pkgar format is not designed to be the best format for all archive uses, only the best default format for packages on Redox OS." I don't know what criteria they picked for 'best default format for packages in Redox OS', but two of their criteria are not, as far as I understand it, supported by many other package systems:

• Fast - encryption and hashing algorithms are chosen for performance, and packages can potentially be extracted in parallel
• Relocatable - packages can be installed to any directory, by any user, provided the user can verify the package signature and has access to that directory.

only by people outside the field of information security. within the field, he's largely considered a hack whose only notable achievements have been inventing blowfish, a slow cipher that's no longer recommended for any use, and spreading anti-ECC FUD that's convinced a lot of people to keep using old, slow, less-secure methods like RSA and DH instead of ECDSA and ECDH.

I will look into that, thanks.