So, #Linux Fediverse!

Flatpak? Snaps?

Which one deserves space in my limited brain?

@kurisu That's only realistic for trivial apps with no "interesting" dependencies.

I'm considering this for #Mailpile, which is well outside the complexity that a binary tarball can handle.

@kurisu Dependencies on compiled Python libraries. And Tor. And GnuPG, ideally a specific version so I don't have to worry about the shifting API.

@kurisu Hi, I asked for opinions, but now you're just lecturing.

Thanks for your input, please stop now.

@kurisu Yes, I see that opinionated people who don't know what I'm dealing with or what I've already considered, are still quite eager to preach and tell me my question is wrong.

I hear that people don't like it, but honestly, every tech has haters. Saying you dislike something has almost zero signal, it's just noise.

Tell me WHY, and I'll listen. If you just tell me something sucks, I probably won't.

@HerraBRE @kurisu here's why: both take all of the worst parts and none of the best parts of static linking, all of the worst parts and none of the best parts of package repositories, and combine that with empty promises of security and a ticking timebomb of actual security problems

@sir @kurisu The security problems depend on how good a job I do shipping updates. This is indeed a concern.

The security benefits of sandboxing are very real and I disagree with you on that point.

But thank you for having a real opinion! 😄

@HerraBRE @kurisu that's the problem, you're shipping security updates. You're a random. I trust my distro package maintainers WAY more than I trust random applciation developers.