[OM Cooker] Discussions around new packaging formats

Bernhard Rosenkraenzer bero at lindev.ch
Mon Jun 27 09:55:34 EDT 2016


Hi,

On 2016-06-26 23:17, Maik Wagner wrote:
> I noticed a couple of discussions on the German Linux News Sites such
> as heise.de or pro-linux.de that package management is apparently
> changing. Instead of the rpm/yum or dpkg/apt-get discussions there
> seem to be some new contenders: Snappy, Flatpack, AppImage etc.

 From where I stand, those things are a major step backward.
Essentially they come down to Windowsism like "Bundle every library with 
every application" as opposed to "have 1 system wide copy of every 
library, make everything use that".

The idea behind that is great from the perspective of a (particularly 
non-free) ISV (always have the exact version of a library you've checked 
out, possibility to patch every library or depending service to death), 
regardless of what you're running on.

But from the perspective of a system maintainer it is a horrible idea 
(security bug in glibc -> replace every single package, keep getting bug 
reports about something that has been fixed in a commonly used shared 
library ages ago because some applications still bundle the old version, 
...)

 From the perspective of a malware developer, it's a great idea, you get 
to hide malware/spyware/... in any library instead of having to deal 
with the fact that distro developers look at libraries and patch out 
malicious behavior if any. As long as you can get one package developer 
to use your copy of the library, your stuff goes in.

 From an end user perspective, you get more bugs, more bloat and far less 
memory efficiency.

It probably can't hurt to allow installing those new package formats so 
people can use whatever non-free stuff gets released there - but I think 
adopting them beyond the point of "compatibility with other people's 
packages" would be a really bad idea.

ttyl
bero



More information about the OM-Cooker mailing list