undefined | Better HN

0 pointsnewnewpdro7y ago0 comments

Have you ever gone through the rigamarole of getting a project into a major distro like debian?

A bunch of the guidelines governing that process are simply unenforcable in a model where the developer builds and publishes the release.

I am not of the opinion that those rules are irrelevant to the stability and security of our systems.

There's a significant push to establish a more app-store model for linux distributions, taking the distributor largely out of the loop for software that isn't part of the base system.

This has both positive and negative consequences.

Today the negative consequences are largely hand-waved away with something along the lines of "containers will protect you".

0 comments

badsectoracula7y ago

I do not really see the difference between the app-store model and the distribution repository model, at the end of the day both are models that teach the users to only download stuff from a specific place. This introduces gatekeeping middlemen that personally i'd rather do without. But if there is going to be a central """trusted""" place, i'd prefer it to be distribution agnostic.

(although even that isn't ideal since in practice it ends up with the major popular distributions pushing agendas to the smaller distributions through whatever requirements are there for "compatibility")

newnewpdroOP7y ago

It makes a substantial difference when we're talking about open software the distributor builds from source. The major distributors set a relatively high standard for the build process.

The same cannot be said for developers in my experience, who often don't even see a problem with the build process accessing the network - and frequently will publish releases built from the same host environment they use for their general daily computing.

From the perspective of a distributor, the packages should be perfectly buildable (and for official releases, preferably so) with a toolchain of known provenance in a clean environment without network connectivity.

The priorities are quite different for the developer of software and the distributor of systems incorporating that software. It's similar to the tension between system administrators and developers.

j / k navigate · click thread line to collapse