Why maintainers matter

Chat about Linux in general

Post by rene »

You can quite easily tell Steam to use your system libraries instead of its own.
Sure, also for example by said moving its own versions out of the way :)

But the thing is that a Steam snap package would not even experience the issue, its own versions being really private. The security angle I don't necessarily buy; it's very important that a vulnerability in a library and on a code path used by e.g. SSH is quickly fixed but that same library being in use by LibreOffice doesn't mean LibreOffice is now also vulnerable; and certainly not that the risk-profile is equal.

Yes, there's all the reasons for why you want shared libraries to in fact be shared -- memory use, central bugfixing -- but an entire system always keeping itself synchronized in such a manner means massive pain for external software suppliers; in fact too massive for there to currently be a significant number.

I think the overall software situation will improve by there being more, and this requires this type of decentralisation...

Post by xenopeek »

"On Snappy and Flatpak: business as usual in the Canonical propaganda department" takes a critical look at snappy and argues that Canonical's earlier announcement this week about the state of snappy, "Universal “snap” packages launch on multiple Linux distros", is strongly exaggerated, if not plain false.
First let’s be clear: Snappy is a Canonical project. The press release was issued, I think, sort of as if it came from some sort of independent or cross-vendor project, and there’s the snapcraft.io site to back up that impression, but every Snappy committer is a Canonical employee, and contributions to Snappy require signing the notorious Canonical CLA [contributor licence agreement at http://www.ubuntu.com/legal/contributors]
So: Snappy is, like Flatpak, a heavily-under-development, interesting attempt to provide an app store-like app provision mechanism for Linux. It is not finished, it is not close to finished. It is not independent or cross-distribution, it is entirely controlled by Canonical. It does not have, so far as I can tell, meaningful buy-in from a single major distribution outside of Ubuntu. It does not work properly on other distributions yet and it likely will not do so in the near future.
While you can manually download and install snappy packages, the centralized server is closed source and owned and controlled entirely by Canonical. That's perhaps the more worrying aspect: it sounds awfully like vendor lock-in.

Post by Ark987 »

xenopeek wrote: While you can manually download and install snappy packages, the centralized server is closed source and owned and controlled entirely by Canonical. That's perhaps the more worrying aspect: it sounds awfully like vendor lock-in.
Indeed, hopefully there are other options like Flatpak, AppImage but it is just immature and it seems that only Canonical is thinking about the centralized server, this thing is just in its early days with a lot of hype and marketing :roll:

So, yeah it seems that the centralized server is kind of missing at the moment to be able to put some maintainers on it.

Post by Reorx »

Excellent article - Thank you Xeno! :mrgreen:
Full time Linux Mint user since 2011 - Currently running LM19 Cinnamon.

Post by MintBean »

xenopeek wrote: While you can manually download and install snappy packages, the centralized server is closed source and owned and controlled entirely by Canonical. That's perhaps the more worrying aspect: it sounds awfully like vendor lock-in.
This is news to me. Shame, I was quite excited about the prospect of Snap until I heard this.

Post by Pentarctagon »

I mean, I understand the arguments being made, but unless both snaps and flatpaks completely bomb and are used by almost nobody, it doesn't really matter a whole lot does it? The chances are that the additional security/convenience/etc are going to make them rather popular, so it seems like, for better or worse, the onus is on maintainers to find a way to continue providing some sort of value or function.

Post by Reorx »

Pentarctagon wrote:I mean, I understand the arguments being made, but unless both snaps and flatpaks completely bomb and are used by almost nobody, it doesn't really matter a whole lot does it? The chances are that the additional security/convenience/etc are going to make them rather popular, so it seems like, for better or worse, the onus is on maintainers to find a way to continue providing some sort of value or function.
I don't think it is an either/or kind of thing. I think that users will be allowed to make a choice and I think both repositories and snaps will co-exist. Personally, I have no need, want, or desire for snaps and I like repositories A LOT! Of course, this is coming from someone who still has a "dumb" phone and has no need, want, or desire for a "smart" one! :lol:

Post by JosephM »

It's an interesting article and makes some fair points but some statements made are just BS. Like this:
It is simply not possible for abusive software to exist in Linux today
Really? What happens when I install something from a PPA? Or install a third party .deb? Or even build from source myself?

I also don't understand a few people's idea that snap/flatpak should not be supported in Mint. I have yet to hear a valid reason why. The only arguments I have seen so far would mean we should also remove the ability to install software in the other ways mentioned above. PPAs, third party debs, or building ourselves. They serve a very legitimate use case. Not to completely replace the repos but as a supplement. Especially in the case of an LTS based distro like Mint.

So let's go for a couple of use case examples. One real and one theoretical.

I spend my free time as a Mint/Cinnamon developer. That means largely dealing with GLib libraries. Gnome makes an interesting piece of software with some great tools for gnome based development called Gnome Builder. It is under heavy development and sees a good number of bugfixes and new/improved features with each new release. Now I can install it in Mint18 from the repos and get version 3.18. However 3.20 has already been out for a couple of months. Using flatpak I was able to install and run the improved 3.20 version. Something that would not be possible otherwise.

Another example. Say for one of Mint's new XApps we want to target gtk3.18 because it offers us the ability to add some cool/useful new feature that wasn't possible in previous gtk versions. If we did it wouldn't work on LMDE2 with gtk3.14. If we packaged it as a flatpak however it would.
When I give opinions, they are my own. Not necessarily those of any other Linux Mint developer or the Linux Mint project as a whole.

Post by Cosmo. »

JosephM wrote: I also don't understand a few people's idea that snap/flatpak should not be supported in Mint. I have yet to hear a valid reason why. The only arguments I have seen so far would mean we should also remove the ability to install software in the other ways mentioned above. PPAs, third party debs, or building ourselves. They serve a very legitimate use case.
No doubt about the last one; but this obviously depends on the case.

Who said that "we should also remove the ability to install software in the other ways mentioned above"? What I wrote 2 months ago was to remove the pre-installed ability to add snaps without prerequisite in a fresh-installed system. Ubuntu 16.04 has the needed package snapd preinstalled, although you wrote that it has to be installed first. Perhaps as a member of the development team you knew (what I could not know at that time) that Mint 18 (at least in the currently available beta build) does not have snapd preinstalled; my guess is that you mixed up the state of this package for both OSes at the time of discussion. At the time of the last discussion I could only see what Ubuntu 16.04 has (and what the Ubuntu documentation also says); with this knowledge I wrote - and I stand by that - that snapd should not be preinstalled. I never wrote that the ability to install snapd or the ability to add a PPA or the ability to install from other sources should get removed; on the contrary, I wrote that adding the ability for snaps should be a user decision just as adding a PPA is a user decision.

Post by JosephM »

What I wrote 2 months ago was, to remove the pre-installed ability to add snaps without prerequisite in a fresh-installed system.
I know and I don't get the reasoning. Can't see how it's different than allowing installation of ppas by default. Having it the ability to install it does not force you to use them. I can respect your opinion on the matter though and frankly apt install snapd isn't that hard. ElementaryOS for example, seems to have removed the add-apt-repository command by default.

I used 16.04 for quite some time and at one point I'm pretty sure snapd was not pre-installed and could have led to a misunderstanding.
Last edited by JosephM on Sun Jun 19, 2016 6:48 pm, edited 1 time in total.

Post by Cosmo. »

JosephM wrote:Having it the ability to install it does force you to use them.
How that? Does the existence of some ten-thousands of packages in the official repositories force anybody to install all of them? Or did I misunderstand your sentence?

Post by JosephM »

Sorry, poor typing skills edited my post :)

Post by Cosmo. »

JosephM wrote:Having it the ability to install it does not force you to use them.
With the sentence now corrected by you (such things happen to me also now and then :wink: ):
What I have not done until now is to install snapd in Mint 18 and see how it works. (Too many things / bugs to explore at this time.) So for now I cannot say how usual packages and snap packages are distinguishable in the package management GUI programs.

With Ubuntu 16.04 (I used the first official final release) they are not distinguishable. And that is really bad.
I admit that the user also cannot tell if a program in the software manager or a package in synaptic or update manager comes from the official sources or from a PPA (at least not at first glance). But usually PPAs offer a rather small number of packages (exceptions do exist) and I know very well which ones I get from them. But if I were to add snapd and refresh the cache, how shall I tell which offered package comes as a usual package and which comes as a snap? After some time there will supposedly be a greater number of snap packages available, too many to keep in one's head. With Ubuntu it is impossible to distinguish between usual and snap packages. Perhaps you (= Mint developers) have made them distinguishable or offer them in a separate section. For the time being I have to leave this open, because I do not want to make changes to my beta-testing system which could possibly influence the behavior of the system and make bug-hunting less reliable.

Post by JosephM »

Nothing has been done for any type of GUI support for them in Mint for 18. It is only usable via the command line. If/when they are available through GUI options I'm sure there will be some discussions about how to present them.
With Ubuntu 16.04 (I used the first official final release) they are not distinguishable.
This is probably where the misunderstanding comes from. I used 16.04 from the time it was an alpha in preparation for Mint18 and testing things on the new package base.

Post by skywolfblue »

As a non-techie, most of that article kinda goes over my head.

I'm very much a "I just want to download and click on the app and go." person.
No compiling only to find out I'm missing library x.
The mint software center is nice, but many of the apps are often waaaaaay way out of date.
Then a few days ago I discovered Krita 3.0 uses AppImage, which is like downloading an app on a Mac. And I fell in love.

That's what they're talking about right? Packaged apps?

I don't think that this means maintainers should go away, they're needed very much. But I do hope this means a future where apps are easier to get working on Linux.

Perhaps that's naive of me and I don't understand what's going on, but that's what I hope.

Post by Ark987 »

JosephM wrote: Gnome makes an interesting piece of software with some great tools for gnome based development called Gnome Builder. It is under heavy development and sees a good number of bugfixes and new/improved features with each new release. Now I can install it in Mint18 from the repos and get version 3.18. However 3.20 has already been out for a couple of months. Using flatpak I was able to install and run the improved 3.20 version. Something that would not be possible otherwise.

Another example. Say for one of Mint's new XApps we want to target gtk3.18 because it offers us the ability to add some cool/useful new feature that wasn't possible in previous gtk versions. If we did it wouldn't work on LMDE2 with gtk3.14. If we packaged it as a flatpak however it would.
skywolfblue wrote:As a non-techie, most of that article kinda goes over my head.

I'm very much a "I just want to download and click on the app and go." person.
No compiling only to find out I'm missing library x.
Here are two posts that complement each other from two different people with (apparently) different skill levels.

That is a known problem of LTS distributions that the original author of the article fails to acknowledge, nor does the author consider making an effort to try to work together to find a solution.
skywolfblue wrote: That's what they're talking about right? Packaged apps?
Yes my friend, this is about installing your favorite software in whatever GNU/Linux distribution you decide to use, without having to use a rolling distribution, upgrade your entire operating system or completely migrating to another distribution just because you need to run "XYZ" program.

Does it have flaws? Of course!!! This is just the beginning and it's immature, but with some feedback and collaboration it can be improved. I understand the author's standpoint but denying these problems is not the way. Just because it doesn't affect your use case, means you shouldn't care.

Post by Cosmo. »

JosephM wrote:Nothing has been done for any type of GUI support for them in Mint for 18. It is only usable via the command line. If/when they are available through GUI options I'm sure there will be some discussions about how to present them.
Good to read. :!:

Post by killer de bug »

I still don't see the difference with ppa...
If it ain't broke, fix it until it is.

Post by xenopeek »

PPA has packages for your release of Ubuntu/Linux Mint. It's built for the library versions present in your Ubuntu/Linux Mint release. Snappy instead are packages that (in theory) would run on any Ubuntu/Linux Mint release, as the packages include the library files needed by the program. It does not depend on libraries on your system but ships everything it needs in the package itself.

Thus while packages from a PPA may be lax with security updates, at least the libraries they use are managed by the security team and maintainers of your distribution. With Snappy packages the security team and maintainers of your distribution have no hand in security updates. The libraries shipped in the Snappy packages need to be updated or patched by the one that made the Snappy package, AFAIK.
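
An added example, not part of the original thread, illustrating the point above about libraries shipped inside a package: this Python script lists the shared libraries a bundle carries and compares their file-name versions with the system copies. The directory trees and library names are constructed for the demo, and a file-name version is only a hint, because distributions backport security fixes without changing it.

```python
import os
import re
import tempfile

# Real shared objects look like libz.so.1.2.8 -> name "libz", version "1.2.8".
SO_RE = re.compile(r"^(lib[\w+.-]+?)\.so\.(\d+(?:\.\d+)*)$")


def shared_libs(root):
    """Map library name -> highest version tuple under root (symlinks skipped)."""
    found = {}
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            m = SO_RE.match(fname)
            if not m or os.path.islink(os.path.join(dirpath, fname)):
                continue
            version = tuple(int(p) for p in m.group(2).split("."))
            found[m.group(1)] = max(found.get(m.group(1), version), version)
    return found


def audit_bundle(bundle_root, system_root):
    """Return (name, version, status) for every library the bundle ships."""
    system = shared_libs(system_root)
    report = []
    for name, version in sorted(shared_libs(bundle_root).items()):
        if name not in system:
            status = "bundle-only"        # no distro-maintained copy at all
        elif version < system[name]:
            status = "older-than-system"  # packager lags behind the distro
        elif version > system[name]:
            status = "newer-than-system"
        else:
            status = "same-as-system"
        report.append((name, ".".join(map(str, version)), status))
    return report


def demo():
    """Audit a constructed bundle tree against a constructed system tree."""
    with tempfile.TemporaryDirectory() as tmp:
        bundle, system = (os.path.join(tmp, d) for d in ("bundle", "system"))
        layout = {
            system: ["libz.so.1.2.11", "libpng16.so.16.34.0"],
            bundle: ["libz.so.1.2.8", "libpng16.so.16.34.0", "libfoo.so.2.0.1"],
        }
        for root, names in layout.items():
            os.makedirs(os.path.join(root, "usr", "lib"))
            for fname in names:
                open(os.path.join(root, "usr", "lib", fname), "wb").close()
        return audit_bundle(bundle, system)


if __name__ == "__main__":
    print(*demo(), sep="\n")
```

To audit real trees, call `audit_bundle` with an unpacked bundle directory and a system library directory such as `/usr/lib`.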

Post by killer de bug »

hi xenopeek,

I'm sorry, I was not careful enough when I posted my message. And something that was logical for me was not obvious to the others. :lol:

When I'm comparing Snappy and the ppa, I'm comparing the packaging person. Why would you trust a ppa more than Snappy? Why so much noise for this feature? If you don't trust the packager, don't use snappy. And don't use ppa.
I don't see a reason why there should be more concerns about snappy than for ppa.

I don't use ppa. I won't use Snappy. Simple.