On Fri, Nov 20, 2015, at 09:01 PM, Jasper St. Pierre wrote:
> Currently, the security model of Linux systems is "distro verifies
> security and adds to their own repo", with, of course, the step of
> "user trusts distro".
>
> The security model of Batis seems to be "user trusts application
> developer"
>
> The security model of xdg-app is "user trusts the sandbox mechanism".

That's right. I don't think the centralised verifier model can support a really rich ecosystem without the kind of massive resources that Google and Apple have to maintain their app stores. I like the idea of a sandbox, but it's extra complexity and I'm not convinced that developers will adopt it, since no-one's in a position to force people to use the sandbox (unlike on Android, for instance). "User trusts application developer" is what I end up doing every day.

> Even without that, there are difficult social problems to solve. The
> problem with tarball-based distribution is that applications are built
> for a specific environment. So an application built on Debian will
> probably assume some form of Debian-isms.

Many applications do solve this, at least to their own satisfaction. There's no shortage of products which offer a single 'Linux' download, including casual games (Powder Toy), programmer tools (PyCharm, Visual Studio Code) and other applications (Telegram, CMapTools). These are just a few things that I've come across; I'm sure there would be many more if I went looking.

Several of those examples point to what I think is a common theme. Many applications are already written in languages that run on a virtual machine, whether that's Python, Java or JavaScript. If I'm writing an application using Electron, for instance, there are prebuilt Electron binaries for generic Linux. So as an application developer, I don't need to worry about ABIs. Of course, people do still write applications in C as well, but clearly the difficulties are not insurmountable.

> Oh, and the one being built by KDE is Limba:

Thanks, I'll take a look at that.

Jerome:
> If you're not intimately
> familiar with linux, your problem is "Hey, should I distribute debs?
> rpms? tarballs? can I not distribute binaries? do I need to let the
> distro handle my stuff? what's that pacman they're talking about?" --
> adding another item into that particular mix is simply not useful.

Right.
That's why I wanted to do an incremental improvement to tarballs, the lowest common denominator that people retreat to when they're overwhelmed by choices. Specifically, you can use Batis to create a tarball and give that to users without ever telling them about Batis - each tarball has an included install script which the application developer hasn't had to write or debug. I hope that developers do support Batis as an installation mechanism as well, but it's useful even if they only use it to create tarballs for users to install manually.

> So deb, rpm and tar.*z are really all the same format, with differing
> metadata on top. This is the big item to outsiders, and it's the
> easiest item to converge on.

It might be easy in principle, but I've not seen any indication that distros are going to converge even at a relatively simple layer.

Thomas
