xiwrap

slightly higher-level container setup utility
git clone https://git.ce9e.org/xiwrap.git

commit: 4f0759e5a23ea33640de8b0d6b41a0d68178edf6
parent: 48a17612c431632d44d401dd0950d5da168fc6a1
Author: Tobias Bengfort <tobias.bengfort@posteo.de>
Date: 2024-06-24 06:58

README: rewrite section on flatpak

Diffstat

M README.md 30 ++++++++++++++++++------------

1 files changed, 18 insertions, 12 deletions


diff --git a/README.md b/README.md

@@ -39,22 +39,28 @@ modules.
   39    39 ## Why not flatpak?
   40    40 
   41    41 flatpak is a mature and well established project that also uses bwrap and
   42    -1 xdg-dbus-proxy.
   43    -1 
   44    -1 However, flatpak's main goal is to simplfy packaging for Linux. Their
   45    -1 vision is that users get their apps directly from developers instead of going
   46    -1 through distros. Sandboxing is a necessary condition for that vision, but not
   47    -1 the main goal. Another condition is that libraries are not managed centrally,
   48    -1 but come bundle with each app. As a result, they are often redundant or even
   49    -1 outdated.
   50    -1 
   51    -1 xiwarp on the other hand is fully focused on security. It supports using a
   52    -1 different runtime for an application, but that is not the focus.
   -1    42 xdg-dbus-proxy. I actually really like [the high level
   -1    43 permissions](https://docs.flatpak.org/en/latest/sandbox-permissions.html) they
   -1    44 have been building.
   -1    45 
   -1    46 However, flatpak does much more then just sandboxing. With flatpak, libraries
   -1    47 are not managed centrally, but come bundle with each app. As a result, they are
   -1    48 often redundant or even outdated. This is because flatpak's main goal is to
   -1    49 simplify packaging for Linux. Their vision is that users get their apps
   -1    50 directly from developers instead of going through distros. Sandboxing is a
   -1    51 necessary condition for that vision, but not a goal in itself. Much of the
   -1    52 criticism flatpak received ([[1]](http://flatkill.org/)
   -1    53 [[2]](https://ludocode.com/blog/flatpak-is-not-the-future)) is targeted at this
   -1    54 second aspect.
   -1    55 
   -1    56 So you can think of xiwrap as an attempt to build something that has all of
   -1    57 flatpak's sandboxing features, but none of the rest. Not because flatpak is
   -1    58 bad, but because strong, usable sandboxing is also useful in the context of a
   -1    59 traditional distro.
   53    60 
   54    61 ## Prior Art
   55    62 
   56    63 -   https://wiki.archlinux.org/title/Bubblewrap/Examples
   57    -1 -   https://docs.flatpak.org/en/latest/sandbox-permissions.html
   58    64 -   https://github.com/ruanformigoni/flatimage/
   59    65 -   https://github.com/netblue30/firejail
   60    66 -   https://github.com/igo95862/bubblejail
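
Review bot: the added paragraph beginning "However, flatpak does much more then just sandboxing" has two wording errors: "then" should be "than", and "come bundle with each app" should be "come bundled with each app" (the second is carried over unchanged from the removed text, so this rewrite is a good place to fix it). The criticism links are labelled only "[[1]]" and "[[2]]"; descriptive link text would tell a reader what each one argues before they click. Moving the sandbox-permissions URL out of "Prior Art" and into the prose is fine, since the link is still present in the section.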