[CentOS] Flatpak [was Re: Fedora bugs and EOL [was Re: CentOS users: please try and provide feedback on Fedora Boltron]]

Fri Aug 4 13:20:23 UTC 2017
Matthew Miller <mattdm at mattdm.org>

On Fri, Aug 04, 2017 at 02:10:31PM +0200, Leon Fauster wrote:
> > I think what you're looking for here is Flatpak.
> Just a off-topic question (maybe in the future of EL less off-topic); 
> Does the concept of flatpak make updates in general more complicated 
> (e.g. security issues in libraries)? The centralized concept of "shared 
> libraries" does support by design the elimination of issues with "one" 
> update. The flatpak approach implies that "every" flatpak packaged 
> software must be updated individually, right? I hope that i got it right? 

Partly. Flatpak supports the concept of runtimes, which are shared, so
updates to those will be shared. Additionally, since it uses os-tree,
updates can be small and fast and are de-duplicated on disk.

If you're installing Flatpaks from arbitrary sources, of course, you
need to make sure that you trust each provider. In Fedora, our plan is
to automatically generate Flatpaks from RPMs, and when those RPMs are
updated they will automatically cascade through the build and update
system. 

-- 
Matthew Miller
<mattdm at fedoraproject.org>
Fedora Project Leader