Post AJTnumG3R2ctvwBc6C by MaSven@chaos.social
 (DIR) More posts by MaSven@chaos.social
 (DIR) Post #AJSBihTZOjdqD9MWa8 by amolith@mk.nixnet.social
       2022-05-14T20:15:54.376Z
       
       0 likes, 1 repeats
       
       The correct way to ship packages is with your distribution’s package manager.https://drewdevault.com/2022/05/12/Supply-chain-when-will-we-learn.html
       
 (DIR) Post #AJSjHJ3bTXE16HKGWG by smallsees@social.dropbear.xyz
       2022-05-15T02:31:53Z
       
       0 likes, 0 repeats
       
       @amolith but I won't get the shiny correctly, can't I have 6 different versions of curl for each app?
       
 (DIR) Post #AJTnumG3R2ctvwBc6C by MaSven@chaos.social
       2022-05-15T09:25:08Z
       
       0 likes, 0 repeats
       
       @amolith  this does not scale and because of thst does not solve any of the problems we currently have.
       
 (DIR) Post #AJTnumd63N3f5Oy10y by amolith@mk.nixnet.social
       2022-05-15T14:58:35.375Z
       
       0 likes, 0 repeats
       
       @MaSven@chaos.social hmmmm tell that to the Debian project. I think they'd be very interested to hear how their package distribution model doesn't scale.
       
 (DIR) Post #AJToGvKoMvFCSHyIdM by MaSven@chaos.social
       2022-05-15T15:00:49Z
       
       0 likes, 0 repeats
       
       @amolith they know it. Most of the packages do not get a review. Many packages are shipped with security holes or get patches that only work for Debian and introduce other security holes. I think we need a new concept here.
       
 (DIR) Post #AJToGvh91t6nZYQ8Rc by amolith@mk.nixnet.social
       2022-05-15T15:02:35.261Z
       
       0 likes, 0 repeats
       
       @MaSven@chaos.social should also tell that to Red Hat and SUSE and CentOS and Fedora and Arch Linux
       
 (DIR) Post #AJToyq5jDy8cw2rCfg by MaSven@chaos.social
       2022-05-15T15:06:53Z
       
       0 likes, 0 repeats
       
       @amolith RedHat is trying to do something different with the flatpak approach. I don't know if this will work.Suse also in the direction of this. There is another reason for using this immutable image approch. Arch is just distributed RCE. I think we will see a shift here in the coming years. Maybe it will be assisted by automation or a new form of packaging, who knows.
       
 (DIR) Post #AJToyqNo8kbFq7Jdqq by amolith@mk.nixnet.social
       2022-05-15T15:10:31.711Z
       
       0 likes, 0 repeats
       
       @MaSven@chaos.social Fedora and Red Hat both maintain their own Flatpak repositories. They're using it for containerisation, not shipping packages directly from developer to user. Ubuntu is the only one brain-dead enough to ship the distro with what's basically the Google Play Store built in. Arch is just distributed RCEOk time to mute the thread because you have no clue what you're talking about  ​:blobcatglowsticks:​