• just_another_person@lemmy.world · 6 days ago

    As someone who works with multiple projects that have had to beg and plead to get broken packages taken down, I can confidently assert that it is.

    They’ve gotten too popular too fast, and dozens of projects have had similar experiences to OBS.

    Some issues we’ve dealt with in the past year:

    • unmaintained community package which included libraries that made our package vulnerable and was tripping up static scanners
    • one package unpublished due to a complaint from a completely unrelated person
    • spammed and suspect versions of our packages being published with shady blobs that aren’t part of our project

    There’s plenty more. There just isn’t any kind of moderation, and there needs to be. Regardless of their original intent, it’s now become too big to just let go. Similar things have happened over the years with almost every maintained public package repository: gems, npm, pypi…etc.

    Now it’s time for the Flathub folks to step up and do some moderation to prevent worse things from happening. The minimum they could do is add a flag for official packages that are confirmed to be from the proper sources, but that requires a bit of effort on their part.

    • ggppjj@lemmy.world · 6 days ago (edited)

      This isn’t about Flathub. The problem is that Fedora has their own flatpak repo and the packages there take priority over the properly-maintained ones in Flathub, per OBS.

      Not that what you’ve mentioned is wrong, but in this comment section that’s a different topic than what we’re discussing.