On Mon, Feb 23, 2026 at 04:12:47PM -0500, T Rex wrote: > would be their decision. What I'm suggesting is that someone on the team > verify that there's no malicious intent in the package build. This involves > monitoring the package build process through merge requests to the GitHub > repository.
1) I do not think I can do such verification unless I am building myself. Does the current flatpack uses the external programs like imageamagick/postscript, pdf viewers etc as an outside dependency which are regularly updated for security bugs? What are in particular the "plugins" you include maintain apart from the lyx binary? 2) Last time I check the lyx flatpack the functionality was barebone enough that I didn't have feeling we should be officially advertize the flatpack option. Did it evolve since then? What major features are working and what features are missing? I am happy to be proved wrong but the way I see it lyx is unfit for the containerized frameworks by its design. To make it work fully you probably need to reinvent distribution packaging inside the container or to ship it as wrecked package - this does not make it particularly attractive for our official distribution venue. Pavel -- lyx-devel mailing list [email protected] https://lists.lyx.org/mailman/listinfo/lyx-devel
