Originally posted by Vistaus
View Post
Announcement
Collapse
No announcement yet.
Flatpak's Flathub Seeing Infrastructure Improvements, Finally Support For Beta Releases
Collapse
X
-
Originally posted by Nille View Post
But i don't need flatpak if i need to compile myself. My point it that you cant trust any packages from some anonymous person or a platform that don't check the uploaders. Flatpack is kinda ok but only if official packages are provided or by a trustworthy person.
And i don't want anyone to force to disclose his name or private information to the public, but just to the platform where he or her upload packages that everyone installs easily.
Its like the PPAs or other third party repository's. at the end you give an unknown person full access to your system and not even the platform validate the uploader.
If you screw the customer on Android Market or whatever the Apple equivalent is, you get sued to hell.
If you screw the customer on Alibaba, you get sent to Gulag.
If you screw the customer on Flathub, well what happens then?
If I was flathub I wouldn't want to be known as the platform with the least amount of consumer protection. No serious developer will publish their software on a platform deemed unsafe for their customers.
- Likes 1
Comment
-
Originally posted by Vistaus View PostI fail to see the problem as packagers from Linux distros, even trustworthy distros like Debian, are still random people from around the world. Sure, they might have a reputation and an about page, but nothing stops them from releasing harmful packages into the distros.
Comment
-
Originally posted by Nille View PostIts different if we talk about bugs or malicious software. The difference in the major Linux distributions that not everyone can Upload a package. So there is a kind of validation there.
Issue tracker and new submissions. Contribute to flathub/flathub development by creating an account on GitHub.
and as most github projects they need a member to approve the pull request, see one of the applications approved here
(yes, most of the posts are from a build bot, look for the github users with the "member" badge as they are the project admins with commit access.
But i don't need flatpak if i need to compile myself.
My point it that you cant trust any packages from some anonymous person or a platform that don't check the uploaders. Flatpack is kinda ok but only if official packages are provided or by a trustworthy person.
That's one of the reasons why "source packages" exist. They allow users to ckeck that the maintainer isn't a fraud.
And i don't want anyone to force to disclose his name or private information to the public, but just to the platform where he or her upload packages that everyone installs easily.
Its like the PPAs or other third party repository's. at the end you give an unknown person full access to your system and not even the platform validate the uploader.
Applications without a maintainer (when the maintainer quit) are also tagged as orphan by admins too https://github.com/flathub/org.mozil...b5901f65d53717
Comment
-
Originally posted by Nille View PostBut everyone that has write access to the Debian repository's is knows by Debian and there leaders or by a responsible person. The same is with Ubuntu, Fedora, etc.
It would only be a PR hit
Comment
-
Originally posted by Nille View Post
But everyone that has write access to the Debian repository's is knows by Debian and there leaders or by a responsible person. The same is with Ubuntu, Fedora, etc.
Comment
-
Originally posted by Vistaus View Post
What? Flathub doesn't package beta software. In fact, when I requested the spotify flatpak to be updated to the latest beta, like Solus does with its regular 3rd party package, I got told by the Flathub maintainers that they only package stable packages.
Last edited by Anvil; 21 February 2019, 08:58 PM.
- Likes 1
Comment
-
Originally posted by Anvil View Post
im afraid ya wrong, Flathub will now be able to Package Beta software. im sure i read there on phoronix or on planet gnome website.https://blogs.gnome.org/alexl/2019/0...-flathub-land/
Comment
Comment