On tis, 2014-09-09 at 10:41 -0400, Colin Walters wrote: > On Tue, Sep 9, 2014, at 10:20 AM, Colin Walters wrote: > > > I think the OpenEmbedded project does a pretty good job of this. It's > > designed *explicitly* to be a toolbox, and not like many of the > > "traditional" distributions in a confused state as to whether it's a > > toolbox or a product. > > That said, I'm really uncertain about the vision of GNOME providing > binaries where we provide an expectation of security updates. There's a > huge amount of infrastructure there that we just don't have.
How would you expect something like this to work though? We have to tell gnome app developers to target some specific runtime, and we want to have guarantees about it (its sane, maintained, works well, etc). I don't think anyone else will create one, and if we create it I don't think we can rely on someone else doing security updates for it... I don't think the distros will be interested in this model (they are generally wedded to the package-everything-model), so its unlikely they will produce their own runtime that 3rd party apps could use. If we based our runtime on some existing distro we could reuse the work on security updates from there, essentially auto-building the new release when there is a security update from the distro. This would limit the amount of maintainance work. But what base distro could we use that has long enough security update guarantees? Something like Centos perhaps? But then we can't reuse the distro packages for the gnome stuff as they are too old... _______________________________________________ gnome-os-list mailing list [email protected] https://mail.gnome.org/mailman/listinfo/gnome-os-list
