Why maintainers matter

xenopeek
Level 24
Posts: 24848
Joined: Wed Jul 06, 2011 3:58 am
Location: The Netherlands

Re: Why maintainers matter

Post by xenopeek »

Well, in that case this is a bit of a non-argument :) The topic is about why maintainers, distro maintainers to be specific, matter. It's not about PPA maintainers. That's another discussion :wink:
killer de bug
Level 14
Posts: 5399
Joined: Tue Jul 08, 2008 1:49 pm
Location: Leuven, Belgium

Re: Why maintainers matter

Post by killer de bug »

I don't agree.

The article starts by saying that it's ok to use Snappy if it is packaged by your distro maintainer.
So the discussion is about trust. :wink:
If it ain't broke, fix it until it is.
JosephM
Level 6
Posts: 1169
Joined: Sun May 26, 2013 6:25 pm

Re: Why maintainers matter

Post by JosephM »

killer de bug wrote:When I'm comparing Snappy and the ppa, I'm comparing the packaging person. Why would you trust more ppa than Snappy? Why so much noise for this feature? If you don't trust the packager, don't use snappy. And don't use ppa.
I don't see a reason why there should be more concerns about snappy than for ppa.
This is pretty much my feeling. Snappy/Flatpak does carry the extra addition of some packaged libraries that need to be maintained. In my case, trying gnome-builder, it's packaged by gnome-devs. Seeing how everything I see on my screen is tied to gnome developed software I am ok with using that.
killer de bug wrote:I don't use ppa. I won't use Snappy. Simple.
This. Users can decide this themselves.
When I give opinions, they are my own. Not necessarily those of any other Linux Mint developer or the Linux Mint project as a whole.
xenopeek
Level 24
Posts: 24848
Joined: Wed Jul 06, 2011 3:58 am
Location: The Netherlands

Re: Why maintainers matter

Post by xenopeek »

killer de bug wrote:The article starts by saying that it's ok to use Snappy if it is packaged by your distro maintainer.
Which article?
rene
Level 16
Posts: 6681
Joined: Sun Mar 27, 2016 6:58 pm

Re: Why maintainers matter

Post by rene »

This. Users can decide this themselves.
Glad to see this thread not turn wholly rejective. Indeed. And I expect to personally decide on quite a few of them. Maintainers do certainly sometimes maintain but can in fact quite a bit more often be better referred to as package monkeys. I'd much rather trust the original software supplier in those cases.
xenopeek
Level 24
Posts: 24848
Joined: Wed Jul 06, 2011 3:58 am
Location: The Netherlands

Re: Why maintainers matter

Post by xenopeek »

rene wrote:I'd much rather trust the original software supplier in those cases.
With the software they developed, perhaps. But not with the system libraries they neither develop nor maintain and that would be included in the Snappy package. That's my issue with it. That's also why I disagree with killer de bug on putting Snappy and PPAs in the same corner; PPAs use your system's libraries and are just Debian repositories.
rene
Level 16
Posts: 6681
Joined: Sun Mar 27, 2016 6:58 pm

Re: Why maintainers matter

Post by rene »

But libraries contained in a snap-like package are NOT system libraries. They are libraries private to the snap-packaged application. If LibreOffice fails to update a library that the system as a whole also uses it's only LibreOffice that is affected by this. And as also mentioned above somewhere, it is code-paths rather than libraries per se that are buggy/vulnerable. Maybe LibreOffice is fine -- and if it's not I will trust the LibreOffice snap-package maintainer to update things; it's his application that has the problem.

Yes. Certainly we will see less-involved software distributors lose interest and NOT update even if they are affected. I find this to be mostly a detail though in the larger picture of currently few external suppliers even existing.
killer de bug
Level 14
Posts: 5399
Joined: Tue Jul 08, 2008 1:49 pm
Location: Leuven, Belgium

Re: Why maintainers matter

Post by killer de bug »

xenopeek wrote:Which article?
The one you linked: Maintainers Matter: The case against upstream packaging
The promise: But Linux is different! No one does those horrible things on Linux! And no one ever will!

The reality: But is it different? Somehow we've gotten this idea that everyone who writes software for Linux does it for the warm fuzzies. No Linux ISV tries to take advantage of people, and none of them ever had. Linux has been around for 20 years. Everyone has been ethical and trustworthy the whole time. Clearly they have proven themselves and will continue to be ethical and trustworthy. Alternatively, Linux is somehow immune to this darker side of human nature.
Maintainers are the Difference
We are indeed discussing trust. Right?
If it ain't broke, fix it until it is.
killer de bug
Level 14
Posts: 5399
Joined: Tue Jul 08, 2008 1:49 pm
Location: Leuven, Belgium

Re: Why maintainers matter

Post by killer de bug »

xenopeek wrote:PPAs use your system's libraries...
... until they need a library to be updated, and they include it in their ppa and so on and so on... :)
xenopeek wrote:and are just Debian repositories.
No. It's a repository where people can put libraries/software for users. Good people can be trusted but there is always a risk that someone is changing the code before packaging it.

I get what you meant with the Debian repositories. But for me it's different. :?
If it ain't broke, fix it until it is.
xenopeek
Level 24
Posts: 24848
Joined: Wed Jul 06, 2011 3:58 am
Location: The Netherlands

Re: Why maintainers matter

Post by xenopeek »

Mark Shuttleworth has responded to concerns about the Snappy server being Canonical controlled: https://lists.ubuntu.com/archives/snapc ... 00286.html

In one go he makes clear there is no reason to be concerned about the Snappy server being Canonical controlled as any distro can set up their own Snappy server (it just needs a webserver from where users can manually download the Snappy packages) but does he also dent the idea that a Snappy package would be usable across all Linux distros? He opens the door for that by saying every Linux distro can host their own Snappy packages. But whatever Canonical (or Red Hat :lol:) announces often leads to speculation and divisive discussions.

I think Flatpak (one of the recent alternatives to Snappy) has been much more clear in their communication. They make clear Flatpak packages are downloaded from repositories and you can add multiple Flatpak repositories to your system. They make clear Flatpak has a flawed security sandbox if you use X11 and only moving to Wayland will fix those flaws as X11 is inherently insecure (the same goes for Snappy but they've not made that clear). For me personally at least how to create a Flatpak package seems much simpler than how to create a Snappy package.

Anyway, sidetracking as the discussion was about why maintainers matter but perhaps we've reached the end of discussion about that :wink:
rene
Level 16
Posts: 6681
Joined: Sun Mar 27, 2016 6:58 pm

Re: Why maintainers matter

Post by rene »

but does he also dent the idea that a Snappy package would be usable across all Linux distros?
No, in a fundamental sense it would appear not. Snaps themselves are self-contained; contain "all" dependencies and care as such not onto which distribution they are installed beyond a minimal "well, is it a Linux distribution?" sort of way. The only thing he is saying is that Canonical's particular "snap store" -- its own idea/vision of snap distribution -- is not all that relevant. Whichever way a user gets his hands on a snap is fine, be it by means of Canonical's store, Red Hat's store, direct web-download, what have you.

In a non-fundamental, practical and/or political sense it might be an issue if Red Hat provides (easy) access only to snaps/flatpaks downloaded from its own store, Ubuntu to its. Certainly it is when Red Hat provides (easy) access only to flatpaks, Ubuntu only to snaps. But neither is an issue of the formats by themselves, nor Canonical's sole responsibility to prevent.
Lucap
Level 5
Posts: 919
Joined: Tue May 24, 2016 1:40 am

Re: Why maintainers matter

Post by Lucap »

http://appimage.org/
https://en.wikipedia.org/wiki/AppImage_ ... _method%29

I see AppImage has already been mentioned, Linus Torvalds likes AppImage
https://plus.google.com/+LinusTorvalds/ ... yrATKUnmrS

3rd party AppImage applications so use at your own risk.
https://bintray.com/probono/AppImages