On 06/16/2016 01:30 PM, Matthew Miller wrote:
On Thu, Jun 16, 2016 at 01:12:07PM -0400, Ben Rosser wrote:
ship pip, npm, etc? Where I become uncomfortable, and the reason I chimed
in on this thread initially, is with the idea that these new containerized
packaging systems are in some way *superior* to traditional packaging. Or
at least that's what I read between the lines of the proposal to allow
upstreams to ask for their flatpaks or whatever to be shipped in place of
RPMs.
I think that once the full sandboxing / portal system is in place,
there _will_ be a tangible reason to prefer Flatpak.
Definitely true for third party packages that currenly require
pip/npm/rubygems/(curl | sh :), but you seem to be saying that Flatpack
will be preferable even when there's an existing Fedora package. I
think this needs to be well justified: security is a mixed bag (RPMs can
have sandboxing via SELinux and otherwise, and containers/flatpacks
complicate security updates), and other aspects also seem to have
balancing pros and cons.
--
devel mailing list
devel@lists.fedoraproject.org
https://lists.fedoraproject.org/admin/lists/devel@lists.fedoraproject.org
