Package: wnpp
Severity: wishlist
Owner: Simon McVittie <s...@debian.org>

* Package name    : xdg-app
  Version         : 0.4.8
  Upstream Author : primarily Alex Larsson and Colin Walters
* URL             : https://wiki.freedesktop.org/www/Software/xdg-app/
* License         : LGPL-2.1+
  Programming Lang: C with GLib
  Description     : Application deployment framework for desktop apps

xdg-app installs, manages and runs sandboxed desktop application bundles, primarily those from a source outside the main distribution.

Application bundles run partially isolated from the wider system, using containerization techniques such as namespaces to prevent direct access to system resources. Resources from outside the sandbox can be accessed via "portal" services, which are responsible for access control; for example, the Documents portal displays an "Open" dialog outside the sandbox, then allows the application to access only the selected file.

Each application uses a specified "runtime" (set of libraries), which is available as /usr inside its sandbox. This can be used to run application bundles with multiple, potentially incompatible sets of dependencies within the same desktop environment.

---

I'm currently intending to put this under the pkg-utopia team alongside D-Bus and polkit, but if anyone else wants to get involved, co-maintainers and other suggestions are welcome.

Development is currently led by GNOME people, but xdg-app itself isn't GNOME-specific (there's been interest from KDE, for instance). The authors of GNOME Software intend to add the ability to automate installation of xdg-app runtimes and apps at some point (I'm not sure whether it has been added upstream yet or whether it's just planned), which would make the xdg-app library a dependency.

At this stage I'm only intending to target experimental. Until our kernel maintainer considers unprivileged user namespaces to be an acceptably small risk to be on by default, using xdg-app requires either adjusting the kernel.unprivileged_userns_clone sysctl or making xdg-app-helper setuid root. I'm not intending to automate this for the time being - developers who work with experimental know what balance of risks they're happy with.
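
The following is an added example, not part of the original message and not xdg-app code: a shell check that reports which of the two mechanisms named above (the kernel.unprivileged_userns_clone sysctl, a setuid-root xdg-app-helper) is active on a host. The message does not give the helper's install path, so it is passed as an argument; the function names `userns_mode` and `userns_audit` are hypothetical.

```shell
#!/bin/sh
# Added example (not xdg-app code). Prints "userns=<state> helper=<state>".
#   $1  procfs file for the sysctl (defaults to the path below)
#   $2  path to xdg-app-helper; the install path is an assumption the
#       caller supplies, e.g. /path/to/xdg-app-helper
userns_mode() {
    sysctl_file=${1:-/proc/sys/kernel/unprivileged_userns_clone}
    helper=${2:-}

    if [ ! -r "$sysctl_file" ]; then
        userns=absent            # kernel does not expose this sysctl
    else
        case $(tr -d '[:space:]' < "$sysctl_file") in
            1) userns=on ;;
            0) userns=off ;;
            *) userns=unknown ;;
        esac
    fi

    if [ -z "$helper" ]; then
        state=unspecified
    elif [ ! -e "$helper" ]; then
        state=missing
    elif [ -u "$helper" ] && [ "$(stat -c %u "$helper")" = 0 ]; then  # GNU stat
        state=setuid-root
    elif [ -u "$helper" ]; then
        state=setuid-other       # setuid bit set, owner is not root
    else
        state=plain
    fi

    printf 'userns=%s helper=%s\n' "$userns" "$state"
}

# Summarise: the message says either mechanism is enough, so having both
# enabled at once is more than the stated requirement.
userns_audit() {
    case $(userns_mode "$@") in
        'userns=on helper=setuid-root') echo 'both enabled; either alone is sufficient' ;;
        'userns=on '*|*' helper=setuid-root') echo 'one mechanism enabled' ;;
        'userns=absent '*) echo 'sysctl absent on this kernel' ;;
        *) echo 'neither enabled' ;;
    esac
}

# Run against the live system only when a helper path is given.
if [ $# -gt 0 ]; then userns_audit "" "$1"; fi
```

The `setuid-other` state separates a helper that has the setuid bit but is not owned by root, which does not match the "setuid root" condition in the message.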