Oh, and the one being built by KDE is Limba: http://people.freedesktop.org/~mak/limba/
On Fri, Nov 20, 2015 at 1:01 PM, Jasper St. Pierre <jstpie...@mecheye.net> wrote: > Currently, the security model of Linux systems is "distro verifies > security and adds to their own repo", with, of course, the step of > "user trusts distro". > > The security model of Batis seems to be "user trusts application developer" > > The security model of xdg-app is "user trusts the sandbox mechanism". > > Even without that, there are difficult social problems to solve. The > problem with tarball-based distribution is that applications are built > for a specific environment. So an application built on Debian will > probably assume some form of Debian-isms. > > Most vendors solve this problem by shipping an environment with their > system, or by explicitly saying "we work and test within this > environment, and anything else is unsupported". Sometimes a > combination of both. > > Steam does this -- they ship a stripped down Ubuntu as their > environment. xdg-app does something similar, only it also allows > having multiple environments (called "runtimes") on your system, each > deduplicated. > > Batis doesn't seem to attempt to solve this problem, from what I can > tell. That's disappointing. > > On Fri, Nov 20, 2015 at 12:54 PM, Thomas Kluyver <tho...@kluyver.me.uk> wrote: >> On Fri, Nov 20, 2015, at 08:09 PM, Jasper St. Pierre wrote: >>> I'm worried. We have xdg-app, we have batis, and I learned that the >>> KDE people are working on their own thing as well. >> >> I haven't heard about the KDE project in this space - is there any >> website for that? >> >> I have looked at xdg-app before, and it looks interesting, but it also >> looks an order of magnitude more ambitious and complex than what I'm >> doing. The homepage for it talks a lot about sandboxing technologies, >> and something called OSTree, which is apparently "git for operating >> system binaries". That's fine for keen Linux desktop developers like the >> GNOME team, but I find it hard to imagine cross-platform application >> developers, who may not even run Linux day to day, figuring it all out. >> Batis is supposed to be a straightforward step up from distributing >> plain tarballs. >> >> Subuser (http://subuser.org/) is yet another approach to distributing >> applications. >> >>> Could whoever is working on these systems try to collaborate and agree >>> on some common goals? The code between these systems might be >>> different, but I think more interoperability and collaboration would >>> be appreciated. >> >> That's a worthy aim, but I think there are simply too many different >> ideas and priorities out there. For instance, sandboxing applications is >> clearly a primary concern for xdg-app, whereas it's explicitly something >> I'm not trying to tackle. >> >> Bastien: >>> No container means no sandboxing. As far as I'm concerned, that makes >>> it not be a realistic option for the future of the Linux desktop. >> >> I'm aiming at the present of the Linux desktop, not the future. ;-) >> >> In principle, sure, I'd love a sandbox. In practice, I download code and >> run it without a sandbox practically every day, whether it's from PyPI, >> from Ubuntu PPAs, or just downloading tarballs from application >> websites. I don't think application developers are going to bother with >> sandboxing technology until that is *the way* to distribute applications >> on Linux, for all distributions and all desktops. And that's at least a >> few years away. >> >> Also, I'm not sure the Linux desktop has much of a future unless the >> situation improves sooner. The number of Linux desktop users I know is >> dwindling as they convert to Mac. Programming conferences, even where >> open source software plays a big part, are now a sea of Macbooks. We >> need bigger plans like sandboxing technology, but we also need something >> to move the status quo forwards. >> >>> Right now, Batis looks like "another package format" to me, nothing else. >> >> It is another package format! But for all the applications out there >> that just offer Linux users tarballs, they can use this to build their >> package without losing any flexibility, and both developer and user gain >> some convenience. And for the applications that rely on Linux distros >> for packaging, maybe this makes it simple enough to package themselves, >> so that users can get up to date versions. >> >> Thomas > > > > -- > Jasper -- Jasper _______________________________________________ xdg mailing list xdg@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/xdg