[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: What can Debian do to provide complex applications to its users?

Hello Michael,

On Fri, Feb 16 2018, Michael Meskes wrote:

>> We cannot feasibly provide security updates when there is more than
>> one version of the library in the archive.  We do not, and probably
>> never will have, the required manpower.
>> This applies to the nixos/guix solutions too -- we cannot expect our
>> security team to go around backporting patches to all the different
>> versions we're offering to users.
> Yeah, I was expecting this point and I don't agree. Well, I do agree
> on it's being too much of a burden for us to backport all fixes to
> each version, but I do not agree on that being what we need to do.
> If we were to package applications as containers (not necessarily
> docker-style!) we could and should have different rules for
> those. Just see what people will do otherwise, use a Linux
> distribution and install manually and then, maybe, update when a fixed
> version of the application comes out. IMO we should do exactly the
> same and make sure the application containers get update to fixed
> version as and when possible. For users this means that get probably
> better security and easier deployment of whatever application they
> need to run. Obviously this needs to be clearly documented.

Yes, I think that Debian should eventually be providing a repository of
flatpaks (or similar) alongside our apt repos.

One of smcv's talk at DebConf17 explains the advantages of doing this:

Sean Whitton

Attachment: signature.asc
Description: PGP signature

Reply to: