1 |
Hi! |
2 |
|
3 |
On Sat, 6 Oct 2018 14:17:50 +0300 Mykyta Holubakha wrote: |
4 |
> I'm proposing to add a new eclass: appimage.eclass, to facilitate |
5 |
> extraction off AppImage bundles. The rationale is that some upstreams |
6 |
> have migrated to distributing their proprietary software exclusively as |
7 |
> AppImage bundles. (for instance dev-util/staruml-bin). |
8 |
> |
9 |
> An example ebuild can be seen at https://git.io/fx3Mg |
10 |
> |
11 |
> I'd like to ask the following questions: |
12 |
> |
13 |
> 1. Can I put myself and proxy-maint under @MAINTAINER (or do I need to |
14 |
> find a gentoo dev)? |
15 |
|
16 |
Likely no. We have no such eclasses right now. Eclasses have more |
17 |
strict requirements than ebuilds, e.g. they should not be changed |
18 |
without a prior ML discussion except for project-specific eclasses. |
19 |
|
20 |
> 2. Are we OK with executing AppImage bundles downloaded from the |
21 |
> Internet (an alternative would be to implement a proper extractor |
22 |
> program, which would unpack the images without executing them, and add |
23 |
> it to DEPENDs). |
24 |
|
25 |
This would be a considerable security risk, so no. You should use |
26 |
some extractor. Looks like appimage carries filesystem inside with |
27 |
some offset. |
28 |
|
29 |
Best regards, |
30 |
Andrew Savchenko |