On Tue, Jun 14, 2016 at 9:04 PM, Michael Catanzaro <mcatanz...@gnome.org> wrote:
> On Tue, 2016-06-14 at 16:45 -0400, Ben Rosser wrote:
>> Well, if a packager wants to maintain it, why not?
>>
>> As someone who's a bit skeptical about containers as the future of
>> software distribution, I'd like to continue getting "traditionally
>> packaged" applications from Fedora where possible. I became a Fedora
>> packager as a large part because I wanted to expand the pool of such
>> software that was available in Fedora, by making it available to other
>> users. It seems like that's not a thing we're going to care about as
>> much going forward, which I guess is... fine, but I kind of have mixed
>> feelings about the whole thing.
>>
>> I suspect I am in a minority here, though.
>
> No, we'll still need RPM packages for lots and lots and lots of
> applications. They're not going away.
>
> In the specific case where upstream decides to ship a Flatpak and wants
> to distribute that Flatpak in Fedora, then it seems advantageous to
> make that available in Fedora rather than our RPMs, so you get updates
> from upstream, exactly the way upstream intends, on upstream's
> schedule, that run the same on every distro, without conflicting with
> Fedora packages. There's a huge technical advantage to that. But most
> upstreams are not going to adopt this technology; it's just an option
> to make distributing your application easier. Packagers are still
> needed to package stuff that's not yet available on Fedora, same as
> always.

That's a weird position to take. The main selling point of Flatpaks is
that they operate fully confined in the user's session space, separate
from the rest of the system. I find it extremely hard to believe that
we can't make these things coexist safely. In fact, there may even be
advantages to having a Flatpak and a system version installed in
parallel (especially for those who'd like to do certain things in a
confined environment and other things in the regular one).

If you're saying that the GNOME people can't handle this use case,
then that's a huge problem. I expect this to be the most common one by
far.

On top of that, what you're suggesting implies that the work we all do
as Fedora packagers is without value. We work very hard to provide a
neatly integrated system that provides maximum functionality in a
secure manner.

To a certain extent, I also fundamentally disagree with the approach
of modularity via the means of Docker containers and whatnot. I don't
even like Flatpaks and Snaps and whatever other thing you want to come
up with. At the end of the day, none of these things are solving the
problem you are attempting to solve, and may introduce their own
issues.

Both Windows and macOS have a lot of security issues stemming from the
lack of easy introspection of the state of the system due to the
nature of how software delivery is done for these platforms. Docker,
Flatpak, and Snaps all introduce this problem to the Linux platform,
and make it far easier for Linux systems to become permanently
vulnerable.

The container/security thing is nothing specific or special to Flatpak
and others, in fact it's more theater than anything else anyway, as it
only works when conditions are "just right" (i.e., Wayland,
supercharged containerization with SELinux, etc.).

And frankly, if you're trying to solve delivering software in a
cross-distro fashion, you're doing it wrong. Take for example how RPMs
"work": packages are generated with a set of generic dependencies
based on the symbols of libraries and programs. There is literally no
reason why I couldn't make a package on CentOS 7 and expect it to work
on virtually every Linux distribution release from around that time.

To the best of my knowledge, the only significant breakage is with
OpenSSL, where Fedora refused to set the same soversion that Debian,
Mageia, Ubuntu, and other distros chose (1.0.0). This symbol break has
led to it becoming impossible to ship something built on Fedora to
work on a wide variety of distributions.

Much of the way RPM is designed is to *promote* cross-distro (and to
some extent, cross-OS) packages. The fact that we don't is more of an
artifact of the past than anything else. It continues to amaze me that
we've given up on promoting our core technology in such a manner. In
many, many, many ways, it is technically superior (in terms of
flexibility and fitness for purpose) to the other alternatives out
there, but everyone seems to have given up.

It's depressing...

-- 
真実はいつも一つ!/ Always, there's only one truth!
--
devel mailing list
devel@lists.fedoraproject.org
https://lists.fedoraproject.org/admin/lists/devel@lists.fedoraproject.org
