Re: Sandboxed Gnome apps

[Alexander Larsson <alexl redhat com>]

On tis, 2014-09-09 at 10:41 -0400, Colin Walters wrote:
> On Tue, Sep 9, 2014, at 10:20 AM, Colin Walters wrote:
>
> > I think the OpenEmbedded project does a pretty good job of this.  It's
> > designed *explicitly* to be a toolbox, and not like many of the
> > "traditional" distributions in a confused state as to whether it's a
> > toolbox or a product.
>
> That said, I'm really uncertain about the vision of GNOME providing
> binaries where we provide an expectation of security updates.  There's a
> huge amount of infrastructure there that we just don't have.

How would you expect something like this to work though? We have to tell
gnome app developers to target some specific runtime, and we want to
have guarantees about it (its sane, maintained, works well, etc). I
don't think anyone else will create one, and if we create it I don't
think we can rely on someone else doing security updates for it...

I don't think the distros will be interested in this model (they are
generally wedded to the package-everything-model), so its unlikely they
will produce their own runtime that 3rd party apps could use.

If we based our runtime on some existing distro we could reuse the work
on security updates from there, essentially auto-building the new
release when there is a security update from the distro. This would
limit the amount of maintainance work. But what base distro could we use
that has long enough security update guarantees? Something like Centos
perhaps? But then we can't reuse the distro packages for the gnome stuff
as they are too old...