On Thu, Jun 1, 2023 at 10:00 PM Christian Schaller <cscha...@redhat.com> wrote: > > On Thu, Jun 1, 2023 at 2:36 PM Demi Marie Obenour <demioben...@gmail.com> > wrote: >> >> Why is a Flatpak a better choice for LibreOffice? >> -- >> Sincerely, >> Demi Marie Obenour (she/her/hers) > > There are a lot of ways to answer this, but from any upstream the advantage > of Flatpak is that it means package once and then deploy everywhere. So it > saves them work. > > From a Fedora perspective there is of course nobody telling anyone to not > maintain LibreOffice as RPMS or as a Fedora flatpak going forward, but even > if nobody does we have a good option available in the Flathub package, > especially with the Flathub package not being verified as the official > package of upstream LibreOffice.
I wanted to add one thing here. In general, I do like having software available as flatpaks, especially if it's not available from Fedora repositories. However, there's also the question of *trust* - do I trust the software source and / or the people / projects providing them? Let's take LibreOffice as an example, since it started this whole discussion. The Fedora package appears to bundle only one "major" dependency, hsqldb, and it's documented and justified why this is the case in the spec file. On the other hand, the libreoffice flatpak bundles ~80 projects: - OpenJDK 17 (huh? is there no shared JDK flatpak runtime / SDK extension?) - krb5 (huh?) - xmlsec - boost 1.80 - gpgme (huh?) - mariadb-connector-c - openldap (huh?) - poppler - PostgreSQL 13.10 (huh?) - and about 70 more (but with less memorable names) While I *do* trust the LibreOffice project (somewhat) to ship their own software correctly, do I trust them regarding these ~80 bundled - and partially security sensitive - libraries, as well? I'm not sure. Do I trust the Fedora packages for these libraries? Probably. Many of these libraries are installed by default on Fedora, and are not only used by LibreOffice, so I basically placed implicit trust in these when I first installed Fedora on my machine. Fabio _______________________________________________ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
