Draft Product Description for Fedora Workstation

Miloslav Trmač mitr at volny.cz
Thu Nov 7 20:55:12 UTC 2013


On Thu, Nov 7, 2013 at 9:48 PM, Lennart Poettering <mzerqung at 0pointer.de> wrote:
> On Thu, 07.11.13 20:09, Miloslav Trmač (mitr at volny.cz) wrote:
>> Is there a technical reason why we can't use their packaging format,
>> interpreting it with our technologies but staying compatible?
>
> Well, the most relevant bit is that they use apparmor for
> sandboxing. Nobody else uses that.

Are the packages expected to ship their own apparmor policy?  That
would appear to be at odds with the idea of protecting against
malicious packages.  If they aren't expected to ship their own, could
we implement the same sandboxing policy using SELinux?
(https://wiki.ubuntu.com/AppDevUploadProcess seems to suggest Ubuntu
will be using some higher-level "profile" format, not raw AppArmor.)

> And I don't think it is a good idea to use .deb as an image format.

.deb is just an ar archive; if this were the only difference, it would
not be worth fragmenting the ecosystem over IMHO.  (Especially if the
GNOME apps alternative is a "compressed disk image", which saves disk
space and costs extra CPU time and memory, making exactly the wrong
tradeoff in most situations AFAICS.)
    Mire

