Batis - XDG-based packaging for Linux desktop apps

Jasper St. Pierre jstpierre at mecheye.net
Fri Nov 20 13:02:51 PST 2015 

Oh, and the one being built by KDE is Limba:

http://people.freedesktop.org/~mak/limba/

On Fri, Nov 20, 2015 at 1:01 PM, Jasper St. Pierre
<jstpierre at mecheye.net> wrote:
> Currently, the security model of Linux systems is "distro verifies
> security and adds to their own repo", with, of course, the step of
> "user trusts distro".
>
> The security model of Batis seems to be "user trusts application developer"
>
> The security model of xdg-app is "user trusts the sandbox mechanism".
>
> Even without that, there are difficult social problems to solve. The
> problem with tarball-based distribution is that applications are built
> for a specific environment. So an application built on Debian will
> probably assume some form of Debian-isms.
>
> Most vendors solve this problem by shipping an environment with their
> system, or by explicitly saying "we work and test within this
> environment, and anything else is unsupported". Sometimes a
> combination of both.
>
> Steam does this -- they ship a stripped down Ubuntu as their
> environment. xdg-app does something similar, only it also allows
> having multiple environments (called "runtimes") on your system, each
> deduplicated.
>
> Batis doesn't seem to attempt to solve this problem, from what I can
> tell. That's disappointing.
>
> On Fri, Nov 20, 2015 at 12:54 PM, Thomas Kluyver <thomas at kluyver.me.uk> wrote:
>> On Fri, Nov 20, 2015, at 08:09 PM, Jasper St. Pierre wrote:
>>> I'm worried. We have xdg-app, we have batis, and I learned that the
>>> KDE people are working on their own thing as well.
>>
>> I haven't heard about the KDE project in this space - is there any
>> website for that?
>>
>> I have looked at xdg-app before, and it looks interesting, but it also
>> looks an order of magnitude more ambitious and complex than what I'm
>> doing. The homepage for it talks a lot about sandboxing technologies,
>> and something called OSTree, which is apparently "git for operating
>> system binaries". That's fine for keen Linux desktop developers like the
>> GNOME team, but I find it hard to imagine cross-platform application
>> developers, who may not even run Linux day to day, figuring it all out.
>> Batis is supposed to be a straightforward step up from distributing
>> plain tarballs.
>>
>> Subuser (http://subuser.org/) is yet another approach to distributing
>> applications.
>>
>>> Could whoever is working on these systems try to collaborate and agree
>>> on some common goals? The code between these systems might be
>>> different, but I think more interoperability and collaboration would
>>> be appreciated.
>>
>> That's a worthy aim, but I think there are simply too many different
>> ideas and priorities out there. For instance, sandboxing applications is
>> clearly a primary concern for xdg-app, whereas it's explicitly something
>> I'm not trying to tackle.
>>
>> Bastien:
>>> No container means no sandboxing. As far as I'm concerned, that makes
>>> it not be a realistic option for the future of the Linux desktop.
>>
>> I'm aiming at the present of the Linux desktop, not the future. ;-)
>>
>> In principle, sure, I'd love a sandbox. In practice, I download code and
>> run it without a sandbox practically every day, whether it's from PyPI,
>> from Ubuntu PPAs, or just downloading tarballs from application
>> websites. I don't think application developers are going to bother with
>> sandboxing technology until that is *the way* to distribute applications
>> on Linux, for all distributions and all desktops. And that's at least a
>> few years away.
>>
>> Also, I'm not sure the Linux desktop has much of a future unless the
>> situation improves sooner. The number of Linux desktop users I know is
>> dwindling as they convert to Mac. Programming conferences, even where
>> open source software plays a big part, are now a sea of Macbooks. We
>> need bigger plans like sandboxing technology, but we also need something
>> to move the status quo forwards.
>>
>>> Right now, Batis looks like "another package format" to me, nothing else.
>>
>> It is another package format! But for all the applications out there
>> that just offer Linux users tarballs, they can use this to build their
>> package without losing any flexibility, and both developer and user gain
>> some convenience. And for the applications that rely on Linux distros
>> for packaging, maybe this makes it simple enough to package themselves,
>> so that users can get up to date versions.
>>
>> Thomas
>
>
>
> --
>   Jasper



-- 
  Jasper

More information about the xdg mailing list