by gggtt 1970 days ago
My personal dream stack is having the best of Guix and Flatpak.

Flatpak is sandboxed with clear APIs & portals, which is absolutely necessary (even for FOSS apps; e.g. if Firefox has a leak we'd be happy it can only access the download folder and not our photos, documents, home folder, etc.).

But Flatpak sucks so much for development. The runtimes idea is totally overkill and not granular. Using libraries, packages, IDEs and coding tools is horrible with Flatpak.

Just look at the weirdness of running VSCode(ium) in Flatpak. According to the Flatpak / Red Hat guys the dream setup is:

- Remove the sandbox of VSCode through the flatpak-spawn escape permission (so there's no point in using Flatpak...)

- From there call & enter Toolbox/Podman and install your dependencies there using yet another package manager (dnf)

So you lose sandboxing, use two separate container tools & use two separate packaging tools.

So overkill & overengineered.

Now take Guix. You have a simple dependency system (just list the packages you need), you have true (recursive) reproducibility, and you could have only one container system for everything.

The issue is that Guix containers are not compatible with Flatpak portals (which are now pretty much a standard) and, from what I understood, are not really meant for security but more for ensuring basic reproducibility.

If some Guix guys would be interested in developing/improving a Guix container system to be compatible with Flatpak portals & APIs and that uses Guix packages instead of runtimes, I'd donate quite a bit for that. Maybe some other people would be interested in that too.