[bscphil]

That's a good point! Maybe that's the source of it. I've gotten used to it for a couple of statically compiled long-lived binaries (games), but other than that even software I compile myself gets packaged before I install it.

[edoo]

You can run GPU accelerated apps in a container. You just need to install the same video driver and expose the x11 socket and card device. The app could still be evil and screen scrape or key log but at least it has no access to your filesystem and when the container is off it is truly off (assuming reasonable container security). There are several tutorials out there for at least browsers.