If there's one thing you can always count on in the Linux world it's that packaging can be a nightmare. The OBS Studio team are not happy with the Fedora folks due to Flatpak problems and threatened legal action.
I’m sorry, but you’ve completely missed either the point, or how it works.
Flathub is really the problem here for not properly verifying package owners/maintainers and allowing them to moderate other versions of their work.
There honestly just needs to finally be a way to sort official packages from community packages. Right now it’s a mess. Fedora should just take theirs down.
Confidently incorrect.
Flathub has nothing to do with this
As someone who works with multiple projects who have had to beg and plead to get broken packages taken down, I can confidently assert that it is.
They’ve gotten too popular too fast, and dozens of projects have had similar experiences to OBS.
Some issues we’ve dealt with in the past year:
unmaintained community package which included libraries that made our package vulnerable and was tripping up static scanners
one package unpublished due to a complaint from a completely unrelated person
spammed and suspect versions of our packages being published with shady blobs that aren’t part of our project
There’s plenty more. There just isn’t any kind of moderation, and there needs to be. Regardless of their original intent, it’s now become too big to just let go. Similar things have happened over the years with almost every maintained public package repository: gems, npm, pypi…etc.
Now it’s time for the Flathub folks to step up and do some moderation to prevent worse things from happening. The minimum they could do is add a flag for official packages that are confirmed to be from the proper sources, but that requires a bit of effort on their part.
This isn’t about Flathub. The problem is that Fedora has their own flatpak repo and the packages there take priority over the properly-maintained ones in FlatHub, per OBS.
Not that what you’ve mentioned is wrong, but in this comment section that’s a different topic than what we’re discussing.
Why did Fedora make their packages take priority? Is it because the priority is otherwise random and if you don’t have a priority set, that leads to the issue they mentioned? Because if so, that sounds like a reasonable action by Fedora and like the real culprit is Flathub.
They put their repo first on the list. Packages will default to Fedora’s repo if available. You may specify which version you want, if you both know that it’s happening and know that the package you want in particular is available at both.
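As an added illustration that is not part of any comment above: a small shell audit of the situation the comment describes, showing which remote wins on priority and which installed apps came from a remote other than the one you expect. It parses constructed sample text in the shape of `flatpak remotes --columns=name,priority` and `flatpak list --app --columns=application,origin` output so it runs offline; the remote names, priority numbers and app IDs are constructed for the example, not Fedora's or Flathub's real values, and the comments name the real flatpak commands (`flatpak info -o`, `flatpak install <remote> <app>`, `flatpak remote-modify --prio`) you would use on a live system.

```shell
#!/bin/sh
# Added example: audit Flatpak remote priority and app provenance.
# On a live system the two inputs come from:
#   flatpak remotes --columns=name,priority
#   flatpak list --app --columns=application,origin
# Here they are constructed sample text (tab-separated) so the script runs offline.

# Constructed sample: a distro remote with a higher priority than Flathub.
SAMPLE_REMOTES=$(printf 'fedora\t10\nflathub\t1\n')

# Constructed sample: one app installed from the distro remote, one from Flathub.
SAMPLE_APPS=$(printf 'com.obsproject.Studio\tfedora\norg.mozilla.firefox\tflathub\n')

# Print the remote with the highest priority value (first one wins on a tie;
# the tie-break is an assumption of this example, not documented flatpak behaviour).
winning_remote() {
    # $1: lines of "<remote>\t<priority>"
    printf '%s\n' "$1" | awk -F'\t' '
        BEGIN { best = -1 }
        NF >= 2 && $2 + 0 > best { best = $2 + 0; name = $1 }
        END { print name }'
}

# Print "<app> <origin>" for every installed app whose origin is not the
# remote you expect, so shadowed packages are visible at a glance.
unexpected_origins() {
    # $1: expected remote name, $2: lines of "<app>\t<origin>"
    printf '%s\n' "$2" | awk -F'\t' -v want="$1" '
        NF >= 2 && $2 != want { print $1, $2 }'
}

# Demo run on the constructed samples.
echo "remote that wins by priority: $(winning_remote "$SAMPLE_REMOTES")"
echo "apps not installed from flathub:"
unexpected_origins flathub "$SAMPLE_APPS"

# Remediation on a real system (not executed here):
#   flatpak info -o com.obsproject.Studio            # confirm the origin of one app
#   flatpak install flathub com.obsproject.Studio    # install explicitly from Flathub
#   flatpak remote-modify --prio=1 fedora            # or lower the distro remote's priority
```

Run it as `sh audit.sh`; the two functions take their input as arguments, so on a real machine you can pass them the live command output instead of the constructed samples.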
I really again do not know how this could possibly be the fault of another repository. Fedora is making decisions for their distro that circumvent FlatHub, this is not FlatHub’s fault.
Right. And are we talking about the list for OBS or of repos in general? I doubt Fedora sets the priority on a package level. And if they don’t, and if there are some other packages in Flathub that are problematic, then it makes sense to prioritize their own repo over them.
That said, if those problematic packages come from other repositories, or if not but there’s another alternative to putting their repo first that would have prevented unofficial builds from showing up first, but wouldn’t have deprioritized official, verified ones like OBS, then it’s a different story. I haven’t maintained a package on Flathub like the original commenter you replied to but I don’t get the impression that that’s the case.
I believe the reason Fedora does this is to satisfy their regulatory goals, I don’t know the full story behind why they have their own seemingly broken build of OBS on their repo but I would imagine it has something to do with a codec’s worldwide licensing rights or similar. I believe the approach that should be taken is that Fedora should stop offering this package in a broken state as compared to continuing to do so, but that’s an outsider opinion.
Oh 100% agreed - in this instance, it’s clear that OBS has a well maintained package that should be prioritized. But they could keep their repo first and remove OBS (and other known-to-be-well-maintained apps) from it to accomplish that.