I created a script that always installs apps from their official source
https://github.com/Tsu-gu/appfetch/
It’s a proof of concept of an idea I had a while ago. I dislike having to hunt down apps for my Linux machine when I want them from an official source. Some apps are packages as tarballs, some as .debs, some as install scripts that download a binary, some are flatpaks and snaps.
I created a yaml file with only verified apps from flathub and snapcraft, and added a few apps outside of them that I could think of.
The ultimate goal is the user just typing the names of what they want, and the script will just get it. They shouldn’t waste time with picking the right source.
That’s understandable. Truth be told I probably wouldn’t trust this either if I didn’t make it. Anything can be hiding in the custom field.
Now I’m wondering, if it were bundled with an OCI sandboxing system, that would address my issues with Flatpack and Snap. Technology has moved on and Flatpack has stagnated, and Snap’s just an attempt to centralize control and distribution. It’s time for a redesign, specifically focusing on supply chain attacks, with sandboxing all the way down.
What do you mean by stagnated? I don’t keep up with its development but it seems pretty feature-complete.
If developers move on to something else I will modify the database accordingly. But as long as snap and flatpak are the official methods they will stay.
Ironically, it’s been in the news lately because of a talk given at LAS. Here’s a breakdown of the video, for people like myself who hate watching talking heads.
Basically, development on Flatpak core has mostly stalled. And there’s a lot of work yet to be done; efforts to rebase it on OSI, for instance.
Nobody’s claiming it’s dead; it’s popular and widely used by a lot of people - it’s just that nobody is actively maintaining the Flatpak project anymore.
This is concerning. Hopefully they manage to keep it running as if the standard for packaging software on Linux disappears, companies would return to tarballs.
Someone will probably step up. It sound like the big blocker is governance - there are people willing to contribute, but whomever has control is not doing a good job of administering the project. At least, that’s what I read between the lines.
Someone will probably fork it, get popular, then suddenly the original maintainers will find motivation, try to scramble to regain directional control, and be discarded because everyone lost faith in them.
Or, we’re really about due for a new generation. Snap’s a hot pile of steaming shit, Nix is simply awful for package managers to work with, Flatpak is directionless, Guix is like every other big GNU failed attempt to be an also-ran, and a lot of lessons have been learned from all of these. I expect someone will come out with something cleaner, leaner, and without all of the baggage; maybe with some backwards compatability with Snap, Flatpak, and AppImage packages.
Maybe not, but the situation is ripe for something like that. Just don’t let it be based on god damned Lisp. I respect the hell out of Lisp and Lisp machines, but I absolutely hate having to work with it.