[digiKam-users] Future of digiKam bundles...

[Mica Semrick]

On 5/24/20 1:38 PM, Chris Green wrote:
> Well that sounds uncomfortable for a start.:-)

Do you have some specific point here or are you just going to keep 
making vague & uninformed comments?


>> Perhaps you should come to a full understand of the technology before
>> throwing your opinion into the mix.
> Why?  I doubt if anyone here fully understands rpm, deb or whatever.
> I'm just trying to get my mind round what flatpack might mean in terms
> of keeping my installation safe and easily maintained.

Again, using Plasma Discover, Gnome Sotftware, or the cli with "flatpak 
update" is how you maintain your system. Since flatpak is repo based, 
getting your flatpaks from a trusted source is how you keep it secure. 
Just like you don't install software from random deb/rpm archives, you'd 
do the same for flatpaks.

> 
> It may very well be a good alternative/improvement over appimage, I'm
> just trying to ensure that we're not losing the huge benefits that
> well maintained repositories provide.

AppImages aren't in a repo. You download them like you would an exe, 
then run them. There is no inherent sandboxing in AppImage (you'd need 
to use something like firejail), but flatpak has built in sandboxing. 
AppImages can't be signed, but flatpak includes GPG signing verification 
out-of-the-box.

> I already stopped using snap.  Appimage is Ok'ish and if flatpack is
> as good then I'm happy, I'm just trying to convince myself that
> flatpack*is*  as good/safe as appimage.

I wouldn't consider AppImage to be "safe" by any means. There is nothing 
inherent to AppImage that makes it safe to run on your system.