Hi! On Sat, 6 Oct 2018 14:17:50 +0300 Mykyta Holubakha wrote: > I'm proposing to add a new eclass: appimage.eclass, to facilitate > extraction off AppImage bundles. The rationale is that some upstreams > have migrated to distributing their proprietary software exclusively as > AppImage bundles. (for instance dev-util/staruml-bin). > > An example ebuild can be seen at https://git.io/fx3Mg > > I'd like to ask the following questions: > > 1. Can I put myself and proxy-maint under @MAINTAINER (or do I need to > find a gentoo dev)?
Likely no. We have no such eclasses right now. Eclasses have more strict requirements than ebuilds, e.g. they should not be changed without a prior ML discussion except for project-specific eclasses. > 2. Are we OK with executing AppImage bundles downloaded from the > Internet (an alternative would be to implement a proper extractor > program, which would unpack the images without executing them, and add > it to DEPENDs). This would be a considerable security risk, so no. You should use some extractor. Looks like appimage carries filesystem inside with some offset. Best regards, Andrew Savchenko
pgp8uIcWqqK7i.pgp
Description: PGP signature
