[mikae1]

> That's kinda what the distros ARE.

What things are can change, sometimes for the better. Imagine if distros maintainers could spend their time doing something more productive than doing the same work as hundreds of others are doing.

[mulmen]

But if hundreds of distro maintainers don’t do it then millions of users have to do it.

[tapoxi]

No, users don't do it. The application developers do it in their CI pipelines. Application developers should be the ones building and testing the app, not distro maintainers responsible for a dozen other applications.

[moreresearchplz]

Why should a developer of a free and open-source application, provided free of charge and without any guarantees, have any obligations to package and even test their software on random, thirdparty distributions?

If a distro wants to include their application they have every right in the world to do so. So its up to them to do what ever is necessary to enhance their product with the freely available product of the unpaid developer who created it.

[esarbe]

That's the point of flatpaks - you don't.

You build one flatpak and it will work for all distributions.

[prmoustache]

History has shown that application developers are very bad at releasing good deliverable without too much security holes in the packaged libraries or bad practices. And the sandboxing in flatpak is actually meant to protect users from harm done by clueless devs but it fails because devs can actually build non sandboxed flatpaks and they will do it because they don't care

[ranger207]

History has shown that distro maintainers aren't perfect at patching security vulnerabilities either and that sandboxing is useful regardless. It also shows that user want working software and will go through the effort of inventing new package formats like flatpak to work around distro maintainers. Maintainers now have a choice between complaining that everyone else is doing it wrong and eventually becoming irrelevant, or getting with the program and maybe even offering their expertise to accomplish what people want to do

[prmoustache]

Flatpak hasn't been invented by users but by distro maintainers.

[doublepg23]

Why would you use software if you think the dev is too incompetent to package it?

[tremon]

Because I trust that distro maintainers catch the most obvious errors before packaging and releasing the software.

[ninkendo]

Package it for what? There are a lot of distros. Should the dev be packaging it for every one of them? Debian, red hat, suse, arch, other more esoteric ones? Which distro versions? How many years back should they be maintaining the packages?

[doublepg23]

…the context was Flatpaks and snaps which directly address it by simplifying the process… the developer would explicitly avoid that confusion.

[curt15]

How often do distribution maintainers actually audit the package source code?

[prmoustache]

I wasn't talking about audit but dependency lifecycle.

[mulmen]

It’s called a distribution. Literally distributing the software. The distro deals with integrating all the packages into a single compatible system. This includes setting options to maintain system compatibility.

Packaging is not required for testing individual applications. That happens at build time and the developer writes the tests. These are not distribution specific.

The separation of concerns is very clear. If a distribution doesn’t package the code then the user is left to build the application themselves. It’s impractical that a developer would build and maintain their own packages for every flavor of every distribution.

[zorr]

The discussion is mostly about what a distribution should contain. I don't think a distribution has to contain all the possible software applications in existence.

Instead, I think distros have to provide the base packages like desktop environments and related software. All configured for compatibility and complying with the distro philosophy.

But third party desktop applications that are not directly related to the desktop environment are a different category. There is an endless amount of them with varying quality and resources. You cannot expect distro maintainers to spend time on all these random applications.

However, if a third party app is not included in a distro, it does not mean users have to build the software by themselves. That is the problem that Flatpak and Snap and others are trying to solve. They provide sets of distro-agnostic libraries that developers can target instead of having to target each distro separately.

This way a developer can only package the app once, distro maintainers don't have to do extra work, and users can install applications without having to manually configure and build them. Everyone is happy.

[mulmen]

That’s a reasonable position but it puts developer and maintainer experience ahead of user experience.

Flatpak and friends are a pain in the ass to use and offer a shitty UX. Having a single point of contact and well understood mechanism for software management is a feature for users.

I don’t expect my distribution to have every software package ever. I do expect it to fulfill my needs. As long as there are applications in the repository that do what I need I am happy.

[matheusmoreira]

No. I trust distribution maintainers a lot more than I trust other developers.

[dizhn]

You can't have distro specific policies using this methodology.