by prmoustache 1173 days ago
History has shown that application developers are very bad at releasing good deliverables without too many security holes in the packaged libraries or bad practices. And the sandboxing in flatpak is actually meant to protect users from harm done by clueless devs, but it fails because devs can actually build non-sandboxed flatpaks, and they will do it because they don't care.

History has shown that distro maintainers aren't perfect at patching security vulnerabilities either and that sandboxing is useful regardless. It also shows that users want working software and will go through the effort of inventing new package formats like flatpak to work around distro maintainers. Maintainers now have a choice between complaining that everyone else is doing it wrong and eventually becoming irrelevant, or getting with the program and maybe even offering their expertise to accomplish what people want to do.
Flatpak hasn't been invented by users but by distro maintainers.
Why would you use software if you think the dev is too incompetent to package it?
Because I trust that distro maintainers catch the most obvious errors before packaging and releasing the software.
Package it for what? There are a lot of distros. Should the dev be packaging it for every one of them? Debian, Red Hat, SUSE, Arch, other more esoteric ones? Which distro versions? How many years back should they be maintaining the packages?
…the context was Flatpaks and snaps which directly address it by simplifying the process… the developer would explicitly avoid that confusion.
How often do distribution maintainers actually audit the package source code?
I wasn't talking about audit but dependency lifecycle.