@kurisu Dependencies on compiled Python libraries. And Tor. And GnuPG, ideally a specific version so I don't have to worry about the shifting API.
If you've made your application so difficult to package that it'll never be included in distro repositories because it has unmanageable dependencies, that's *your* problem, and flatpak and snaps are just ways that developers push that problem on users.
@kurisu Hi, I asked for opinions, but now you're just lecturing.
Thanks for your input, please stop now.
I hope you see that users really do dislike appimage, flatpak and snaps though. Dismissing users expressing their opinion as just being smug is unhelpful imo.
@kurisu Yes, I see that opinionated people who don't know what I'm dealing with or what I've already considered, are still quite eager to preach and tell me my question is wrong.
I hear that people don't like it, but honestly, every tech has haters. Saying you dislike something has almost zero signal, it's just noise.
Tell me WHY, and I'll listen. If you just tell me something sucks, I probably won't.
@sir @kurisu Later in the app's lifecycle, I fully expect the distros to take over.
At this early stage though (the app is honestly a bit shit and will need frequent fixing), I expect being able to ship updates faster than the distro release cycle has a lot of value to my users.
So I'm considering what options I have for doing that.
my dream package manager stores individual packages in their own special path that includes information that can be used to verify the integrity of the build. dependencies are overlayed into the runtime path for a particular application. app can only write into a sandboxed path. app cannot escape.
i have a proof of concept for parts of this idea. i'd like to find a way to extend APK to work with this idea so i can reuse the alpine packaging tools.
https://source.heropunch.io/tomo/grid/src/branch/latest/grid
@kurisu @sir This is what I am doing now, for Debian derived distros.
And from a security POV, I feel REALLY bad about it. Once you add my repo to your apt sources, I can update any package on your system. I can do so selectively based on your IP address.
Shipping a Snap or Flatpak does imply bloat and does put the onus on me to rebuild and ship when dependencies have security flaws - but at least I can't replace your /usr/sbin/sshd.
Everything has pros and cons.
@HerraBRE @kurisu people who want fast updates should use fast distros