If there's one thing you can always count on in the Linux world, it's that packaging can be a nightmare. The OBS Studio team are not happy with the Fedora folks due to Flatpak problems and have threatened legal action.
The issue is that they are pushing their own version of Flatpaks, some of which are broken, instead of contributing to Flathub and making that the default.
That wouldn’t work. Flathub and Fedora Flatpaks have different goals.
Fedora Flatpaks must meet legal requirements set by Fedora, so no proprietary or patented software.
Flathub also encourages upstream to maintain their packages. But upstream may not meet the security requirements set by Fedora. Fedora has much stricter packaging guidelines which don’t permit vendored dependencies.
That honestly doesn’t sound like a bad mission, but it seems like there’s a couple other requirements they should impose on their mission and then there wouldn’t be any controversy.
They should require that their package works as well as the upstream, and, in the event that it doesn’t, they need to be very blatant and open that this is a downstream package, and support for it will only be provided by Fedora Flatpaks, and that you may have better results with the official packages.
The primary issues in this case are that it doesn’t work, and it’s not been clear to users who to ask for help.
I’m sorry, but you’ve completely missed either the point, or how it works.
Flathub is really the problem here for not properly verifying package owners/maintainers and allowing them to moderate other versions of their work.
There honestly just needs to finally be a way to sort official packages from community packages. Right now it’s a mess. Fedora should just take theirs down.
As someone who works with multiple projects who have had to beg and plead to get broken packages taken down, I can confidently assert that it is.
They’ve gotten too popular too fast, and dozens of projects have had similar experiences to OBS.
Some issues we’ve dealt with in the past year:
unmaintained community package which included libraries that made our package vulnerable and was tripping up static scanners
one package unpublished due to a complaint from a completely unrelated person
spammed and suspect versions of our packages being published with shady blobs that aren’t part of our project
There’s plenty more. There just isn’t any kind of moderation, and there needs to be. Regardless of their original intent, it’s now become too big to just let go. Similar things have happened over the years with almost every maintained public package repository: gems, npm, pypi…etc.
Now it’s time for the Flathub folks to step up and do some moderation to prevent worse things from happening. The minimum they could do is add a flag for official packages that are confirmed to be from the proper sources, but that requires a bit of effort on their part.
This isn’t about Flathub. The problem is that Fedora has their own Flatpak repo and the packages there take priority over the properly-maintained ones in Flathub, per OBS.
Not that what you’ve mentioned is wrong, but in this comment section that’s a different topic than what we’re discussing.
Confidently incorrect.
Flathub has nothing to do with this