Dne 07. 01. 22 v 21:54 Major Hayden napsal(a):
On 1/7/22 14:46, Jiri Konecny wrote:
I would like to do here a bit of brainstorming and ask if there is an
existing solution to this problem. To explain my problem,
recently I found more and more apps likes terminals, prompt and
command line tooling, which are great to use but not
packaged or are outdated in our repositories. The reason for this is
simple. These apps are written in languages like Rust or
Go which works the way that there are plenty of smaller libraries and
these are really a hell to package or maintain in
Fedora. On the other hand it's pretty simple to build it from the
source (most of the time) but hard to split it into packages.
Oh gosh, yes, this has been a problem for me for a while. I maintain
azure-cli, which has a few subpackages. It depends on about 95 other
Azure Python SDK components which depend on various Python libraries.
Each of these must be carefully updated when the main azure-cli
package is updated. 🥵
I would say, that for GUI apps we already done that. We have Flatpak
which is doing great job to get these apps there
and motivate people to do that because it's then consumable on plenty
of places. However, this is not really usable if you
need app which is core part of the system (like prompt) or emacs/vim
which needs a lot of dependencies from the system
based on user configuration.
I do like Flatpaks for GUI applications.
For CLIs, I've seen people use container images since it's a single
item that is easily updated. However, it's not always easy to
determine how a container was built and the home of its sources. 😬
The cloud vendors seem to be moving towards bundling everything up
into a zip file that you download and run. AWS now has their own
crypto/hashing components and bundled Python in a zip. Google has a
large zip with plenty of third party vendored content.
Bundling to ZIP is again the same issue. You have to download it from
somewhere and from my PoV that is a bigger problem than not being able
to validate the content.
In general I'm thinking if we shouldn't "shift" our current packager is
responsible for safe content to author is responsible for safe content.
That is basically happening for Flatpak. It's much easier to package
because you can "just take the binary" from author and don't care.
Partial solution to that is COPR. Which I'm taking as AUR (Archlinux).
That is great but maybe there is something not specific for RPM but
working out of the RPM world? That would be much better marketing for
the authors to do the packaging.
I'm very interested to hear additional use cases and ideas.
_______________________________________________
devel mailing list --devel@lists.fedoraproject.org
To unsubscribe send an email todevel-le...@lists.fedoraproject.org
Fedora Code of
Conduct:https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines:https://fedoraproject.org/wiki/Mailing_list_guidelines
List
Archives:https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam on the list, report
it:https://pagure.io/fedora-infrastructure
_______________________________________________
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam on the list, report it:
https://pagure.io/fedora-infrastructure
