Marc Haber писал(а) 2026-02-08 17:17:
I use bottles to run business applications for
Windows on Debian, at least a bit containered away and also isolated
from each other.
And it is not always easy to correctly judged whether
a missing security fix in a library will render an
application vulnerable without having intimate knowledge
on said app. With unvendored dependencies, we shrug it
away and just fix the library.
I see a contradiction here. Currently bottles is not in
Debian, meaning you're using flatpak (bottles is not
distributed otherwise). So currently embedding suits
you, but you would like it not to be in Debian. Why?
Further, Bottles simply downloads zip files with
libraries to your disk. How can the presence or
absence of embedding affect security? The security
of code running under wine, for which bottles is
just a delivery mechanism.
If a user executes `curl http://site.domain|bash`,
then security requirements for `curl` look strange.
Don't you think?
