On 06/16/2016 01:30 PM, Matthew Miller wrote:
On Thu, Jun 16, 2016 at 01:12:07PM -0400, Ben Rosser wrote:
> ship pip, npm, etc? Where I become uncomfortable, and the reason I chimed
> in on this thread initially, is with the idea that these new containerized
> packaging systems are in some way *superior* to traditional packaging. Or
> at least that's what I read between the lines of the proposal to allow
> upstreams to ask for their flatpaks or whatever to be shipped in place of
> RPMs.
I think that once the full sandboxing / portal system is in place,
there _will_ be a tangible reason to prefer Flatpak.
Definitely true for third
party packages that currenly require
pip/npm/rubygems/(curl | sh :), but you seem to be saying that Flatpack
will be preferable even when there's an existing Fedora package. I
think this needs to be well justified: security is a mixed bag (RPMs can
have sandboxing via SELinux and otherwise, and containers/flatpacks
complicate security updates), and other aspects also seem to have
balancing pros and cons.