Matthew Miller píše v Út 08. 11. 2016 v 13:30 -0500:
On Tue, Nov 08, 2016 at 07:14:37PM +0100, Jiri Eischmann wrote:
Another solution would be shipping Fedora Workstation with trusted remotes with flatpak runtimes enabled. It's not a long list right now,
What criteria are there for "trusting" a runtime? Will users be able to trace the sources that these runtimes are created from and the build process used?
Do we really require the same from other 3rd-party software? I wouldn't mind a big fat warming "You're installing a 3rd-party app which will pull in a 3rd-party runtime, Fedora takes no responsibility for those".
Like with other 3rd-party software, I think it's better if we help users download the runtime from the official repository than letting them find it in the wild.
Don't get me wrong, I have nothing against reasonable criteria for inclusion, but without double standards.
Jiri