Dear all,
there is a [Geany FlatPak](https://flathub.org/apps/org.geany.Geany) available. Unfortunately, it is not officially maintained like others (e.g. [Firefox FlatPak](https://flathub.org/apps/org.mozilla.firefox), [LibreOffice FlatPak](https://flathub.org/apps/org.libreoffice.LibreOffice) or [digiKam FlatPak](digiKam)).
I would appreciate that very much. I expect high security as well as an up-to-date release (including all used libraries and such) of an official package.
Thank you!
Repeating what has been said before, Geany is a volunteer project, so unless someone contributes code/scripts to support a process that the available resources of Geany can accommodate then it won't happen. The only distribution packages the project makes are for Windows and Macos because those platforms do not have a history of distribution of open source code and because two individuals are willing to do the work to make them each release. If nobody does it then those will not be made either.
Until one or more individuals contribute the effort to make flatpacks, appimages, snaps, debs, RPMs, Nix etc each release, the project will not be making any of them.
As for your expectations, Firefox is supported by Mozilla, Libreoffice by the document foundation (with over 1MEuro income 2022), digiKam by KDE so you should expect commercial quality standards and security for those.
For a totally volunteer project where everyone is contributing in their own time like Geany, you probably should only expect "some reasonable endeavours". And in the end remember the license (for almost all open source software including those above) says "This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.".
But in particular on security, remember Geany is an IDE, as part of its normal operation it can run arbitrary programs, usually programming language tools, but in theory anything, and then it runs the most dangerous code of all, that in development by the user, especially mine :grin:, so security is a moot point.
Because one could counter that the examples of officially maintained FlatPaks mentioned above are not _community driven_ (i.e. a single persons or just a few ones) but maintained by an organisation resp. a company, here are other examples:
- [KeePassXC](https://flathub.org/apps/org.keepassxc.KeePassXC) (community) - [Strawberry Music Player](https://flathub.org/apps/org.strawberrymusicplayer.strawberry) (solo) - [fre:ac](https://flathub.org/apps/org.freac.freac) (solo) - [FSearch](https://flathub.org/apps/io.github.cboxdoerfer.FSearch) (solo) - [Qalculate! (GTK UI)](https://flathub.org/apps/io.github.Qalculate) (solo) - [Metadata Cleaner](https://flathub.org/apps/fr.romainvigier.MetadataCleaner) (solo)
But in particular on security, remember Geany is an IDE, as part of its normal operation it can run arbitrary programs, usually programming language tools, but in theory anything, and then it runs the most dangerous code of all, that in development by the user, especially mine 😁, so security is a moot point.
Well, yes. But compiling a complex package should ensure that all used frameworks and included libraries are also safe and up-to-date, not just the core source code. (This is why I have doubts about several FlatPaks, and other binaries like Snaps or AppImages provided (here or) elsewhere.)
Well, to repeat myself, auditing libraries and frameworks, producing flatpacks, or any such tasks can be done, but __somebody__ has to do it. So far nobody who contributes to Geany has the interest and/or the time to do these things instead of whatever else they contribute, or it would be done. Remember also that these are ongoing repeated tasks, so contributors need to be willing and able to do that, at least for the reasonably foreseeable future.
Understood. I know that it's a community driven project and I value it. I appreciate the effort of the contributors. (Yes, it's voluntarily, they don't have to…)
I just wanted to make clear with the first reply there actually are projects with officially maintained FlatPak releases (even solo projects). And with the second reply that also an application like Geany could have security flaws due to frameworks and libraries. (This is what I rather like at Linux distribution with good repository management — and what is a disadvantage and potential risk of FlatPak, Snap, AppImage.)
I appreciate the effort of the contributors. (Yes, it's voluntarily, they don't have to…)
Yes, they don't have to, and can't be told to ... its one of the joys, and the pains, of such projects.
I do totally appreciate large companies contributing to open source software, but their employees _can_ be told to. And that has set certain expectation levels around all open source, so when you asked for something (nicely and politely, thank you :-) and quoted several such projects and your expectation level it was important to ensure you didn't expect a certain level of response, and when it wasn't forthcoming tell everyone "I asked those Geany [...]s and they did nothing". User expectation management, also one of the joys and pains of volunteer projects. :grin:
Also maybe you might have been the "somebody" if you cared enough and had enough time and skills, oh well, can only ask.
(This is what I rather like at Linux distribution with good repository management — and what is a disadvantage and potential risk of FlatPak, Snap, AppImage.)
Totally agree.
Closed #3905 as completed.
Just for the records, there is a long story in https://github.com/geany/geany/issues/1303 about AppImages and Flatpaks.
I don't think it is likely that we (Geany maintainers) will provide a Flatpak package officially. We don't have so much resources (in terms of time) and nobody of us (as far as I know) uses Geany via Flatpak. And so the motivation to invest time for having a well maintained Flatpak image is rather low.
And all what @elextr said.
github-comments@lists.geany.org