Combining containerized desktop applications with a mature distribution model
We finally have most of the groundwork laid for sensibly containerizing desktop applications, which bring with them some desirable (and overdue) new security properties, often inspired by the mobile “app” ecosystems. Also inspired by these is a new software distribution model that promises software developers more immediate access to their end users, faster update cycles - and, in some cases, “paying only one bridge troll”.
Concerningly, these new systems (e.g. Flatpak and Snap) are sometimes being used as a way of shirking the system integration responsibilities that Linux distributors have traditionally held. It is up to us to demonstrate once more that a Linux distribution like Debian is more than an annoying gatekeeper, that our methodical system integration and continuous security work are a value-add for the discerning customer (especially one who plans deployments in the traditional distributor/site administrator/system administrator tiers), and that we want to embrace newer security models and take on the challenge of updating our processes accordingly.
I hope to present some early work in this area, and get a wider discussion started within the Debian project.