On Sun, Jul 16, 2017 at 9:21 AM, Christian Dersch <lupinix(a)mailbox.org> wrote:
I hope we will *never* reach that point, if we reach it, I have to
to another Linux distribution which follows the rules of construction I
prefer. As a packager I know how much many upstreams love bundling (and
not updating bundled libs), IMHO Flatpak (in general) encourages them to
do that (yes I know, they can do also for RPM, but Flatpak makes it
easy). And outdated libraries are a high security risk (heartbleed etc.
;)) and sandboxing can never save you from all possible impacts.
Sandboxing is an *additional* and as said in some other mail
*orthogonal* mechanism to clean packaging. I feel we lose many
advantages over operating systems like Windows if we open that door and
continue that way…
That said, for the optional availability of flatpak for packagers:
perfectly fine with that, I'll just ignore it for my stuff. But if there
will be proposals which will change Fedora in a way that I think is
wrong, I'll be back to discuss them ;) Also I know from IRC that there
are more packagers thinking the same way.
I'm definitely such a packager, so I figured I'd chime in and add my
voice here. I agree completely.
Six years or so ago, I installed a Linux distribution-- Fedora, as it
happens-- for the first time, and was very quickly sold on the package
management model as a method to distribute software. I became a Fedora
packager because it seemed so self-evident to me that it was a better
way to distribute software than either the Windows model or the
smartphone application store model. These days I primarily use Fedora
and only occasionally boot into Windows, and one of the things that
helped more or less fully convert me to Linux was traditional package
As an end-user, the only way I'd find the flatpakization of Fedora
acceptable is if I could still do "[package manager] install firefox;
firefox [options]" and have it launch Firefox, regardless as to how
Firefox was packaged. (As an aside, I suspect a *lot* of people are
going to complain if this sort of thing doesn't work if/when Firefox
is turned into a flatpak). If so, I might consider continuing to *use*
the distribution. But as a packager, I'm just not convinced the
potential benefits of sandboxing are worth it, and would have to
seriously consider whether I'm still interested in contributing to
Fedora, if this were to happen.
I can't presume to speak for anyone else, but it wouldn't surprise me
to learn that there are other contributors who feel similarly-- who
chose to contribute because they liked traditional package management
and are now uncomfortable at the idea of replacing it.
All that being said:
I don't have any problem with Fedora growing the technology to build
flatpaks and other packaging formats, as it already has for those who
want to distribute and ship them. I think that there's nothing wrong
with Fedora offering up a choice of images composed using technologies
such as Atomic, flatpak, docker, and so on, for people with different
usage cases. And I don't use Fedora Workstation, so if GNOME Software
wants to advertise flatpaks over RPMs, that doesn't particularly
bother me. So I have no issue with this particular change. But I felt
like I should chime in here because this change thread has turned (as
any discussion on flatpak seems to) into a general discussion on the
future of packaging technology, and I've been uneasy for about a year
now about the direction Fedora might go here.