Seems you can use all the libraries too as if they were binaries. Updated my Fedora post.
Currently testing how to run the freedesktop.org runtime with home permission; this would allow not giving any app permanent home permission.
But wait, you can run apps with different permissions temporarily, right?
Like flatpak run --filesystem=home org.app.name
but I read the PKGBUILDs and understand them.
That is the best way but not scalable for most users. You need access control and trust. On COPR I add the repo of an individual and only get packages from them.
And programs can bypass it anyway with /home/$USER if they’re feeling vindictive, though I haven’t run into any yet. It’d definitely be nice to have more complete isolation one day.
This is not about isolation, even though this should totally be done. It's just about preventing dotfile mess.
Scalable, you know. A system should stay vanilla in 20 years, in 40 years.
In the end it would be
core minimal system
/etc has some settings pinned or none at all, the rest is always flushed from /usr/etc (issue)
the immutable rest is always upstream
the bootloader is updated with bootupd
flatpaks have their configs isolated, when they are uninstalled, their data is removed
distroboxes are ephemeral, they are used for tasks, managed through a GUI app with a set of commands (like “add this repo” and packages to install, or even building blocks or checkboxes), they are recreated with OS releases
the distroboxes have their own dotfiles which never overlap
the desktop has figured out a way to clean up old dotfiles
I mean we are not there yet, but close.
I really hate apt.
Apt is an ugly mess and nala might be python bloat but it looks fancy and automates things. Now that it runs on Debian 12 I installed it everywhere.
I really have no idea what to expect. But if I never need to use rpm for querying or whatever again I’ll be happy.
Yeah, or add curl instructions to projects like librewolf, to avoid needing “oh and on atomic distros you don’t use ‘dnf blabla’ but download it directly”.
Even though I like my COPR command…