Application developers should be able to package and distribute the app. See how easy it is for a casual user to download and install any application on Windows. Maintainers cannot scale, and depending on them will just hold back Desktop Linux.
Flathub is not unvetted. Every submission goes through human review. If a piece of software requires an unnecessary permission (i.e. if someone submits an alarm clock program that requires home folder access and internet access), it will get rejected. If a developer updates their software and changes the required permissions, the update won't get pushed to users until it goes through human review.
Besides this, for open source packages, the code gets built on Flathub's build servers without internet access. The source code associated with a given Flathub package version must be either a specific Git commit (verified with a commit hash) or a release tarball (verified with a sha256 hash). This means that it's always possible to verify that the code a developer publishes corresponds to the binaries being shipped to users. Closed source packages get a big warning on their Flathub pages saying that the program's code is proprietary and not auditable.
With the traditional distro packaging model, the requirements to become a maintainer are stringent and there's human review when a package is added, but there's typically no review after that point. If you'd like a recent example of the drawbacks of this system, see here: https://security.opensuse.org/2025/05/07/deepin-desktop-remo... . After the OpenSUSE security team rejected certain components of the Deepin DE for containing major security problems (including multiple root privilege escalation vulnerabilities), the Deepin maintainer smuggled them in anyway through an innocuous looking package called "deepin-feature-enable" and nobody in the security team noticed for several years. I'm not trying to call out the OpenSUSE security team here, I'm sure they don't have the resources to vet random packages. I'm saying that expecting maintainers to never ship malicious code because they went through the process to become a maintainer is a weakness of the traditional distro packaging model.
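Added example, not part of the comment above and not Flathub's own tooling: a check of the pinning rule it describes (git sources fixed to a commit hash, tarballs fixed to a sha256), written against the flatpak-builder manifest fields `modules`, `sources`, `type`, `url`, `commit` and `sha256`. The manifest, the app id and the function name `unpinned_sources` are constructed for illustration.

```python
import json
import re

SHA256_RE = re.compile(r"^[0-9a-f]{64}$")
COMMIT_RE = re.compile(r"^[0-9a-f]{40}$")

# Constructed sample manifest (not a real Flathub package).
SAMPLE_MANIFEST = json.dumps({
    "app-id": "org.example.AlarmClock",
    "modules": [
        {"name": "libfoo", "sources": [
            {"type": "archive", "url": "https://example.org/libfoo-1.2.tar.xz",
             "sha256": "a" * 64}]},
        {"name": "alarm-clock",
         "modules": [{"name": "vendored", "sources": [
             {"type": "archive", "url": "https://example.org/v.tar.gz"}]}],
         "sources": [
             {"type": "git", "url": "https://example.org/alarm.git",
              "branch": "main"},
             {"type": "git", "url": "https://example.org/plugin.git",
              "tag": "v1.0", "commit": "b" * 40}]},
    ],
})

def unpinned_sources(manifest, path=""):
    """Return (module_path, url, reason) for every source not pinned by hash."""
    findings = []
    for module in manifest.get("modules", []):
        if not isinstance(module, dict):  # a string refers to another manifest file
            findings.append((path, module, "external module file not inspected"))
            continue
        here = f"{path}/{module.get('name', '?')}"
        for src in module.get("sources", []):
            if not isinstance(src, dict):
                findings.append((here, src, "external sources file not inspected"))
                continue
            kind, url = src.get("type"), src.get("url", "")
            if kind == "git" and not COMMIT_RE.match(src.get("commit", "")):
                findings.append((here, url, "git source without full commit hash"))
            elif kind in ("archive", "file") and url and \
                    not SHA256_RE.match(src.get("sha256", "")):
                findings.append((here, url, "download without sha256"))
        findings.extend(unpinned_sources(module, here))  # nested modules
    return findings

if __name__ == "__main__":
    for where, url, reason in unpinned_sources(json.loads(SAMPLE_MANIFEST)):
        print(f"{where}: {url}: {reason}")
```

A branch or tag alone is flagged because either can be moved to different code after review; only the commit hash fixes the content.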
They do to some extent in the larger distros, but for proprietary/binary packages they don't have much chance anyway unless they are willing to do some pretty time-consuming forensics.
Plus the app developers at least have some level of accountability. Like when JWZ got into it with Debian (can't link here). You might think you are running XScreensaver from the great Zawinski, but no you are actually running some weird fork from godknowswho, hopefully not Jia Tan.
You got downvoted but yes, it's quite sad when distros release a package under the same name as the original but with their own set of patches. I think they should rename the package when they do that, even just a prefix/suffix with the distro name would be nice.
Using the in-person book club example, I'm having a hard time imagining a scenario where 1) nobody pays anything to anyone, 2) the same person hosts every meeting, 3) food and/or drink is provided and not pot luck style.
If you're in an in-person book club you'll be paying money either directly or indirectly. Small sums absolutely, but still something. This seems comparable in cost.
> Using the in-person book club example, I'm having a hard time imagining a scenario where 1) nobody pays anything to anyone, 2) the same person hosts every meeting, 3) food and/or drink is provided and not pot luck style.
Sorry, where in the original link are they providing food? I might be more interested in that case. :D
It's wild to me that you can't imagine a non-transactional club. Do you not have groups of friends? Sure, there's some give-and-take in every healthy group, but the idea that it somehow needs to be monetized is absurd.
I'm not talking about monetization, I'm talking about there being a cost no matter what. It can absolutely be "free" but someone's making food or using their space to host or something else.
Au contraire, I understand that organizing a community takes time and effort.
I just don't feel that the rewards I receive from community organizing are monetary, and certainly don't need to be.
Nor do I want to be part of a community whose organizers are only motivated by money and don't even see any other form of motivation as valid. If that's how you see yourself and the community you're organizing, that colors everything you do and it makes you a bad community leader.
There is no monetary model behind the community. If you read my comment again, you will see that the intention is only to maintain the operational costs by everyone together, and a fee is a way of getting commitment from everyone.
I basically organise the community because I enjoy reading books and sharing opinions with other professionals, that's it.
I hear what you're saying and I genuinely believe that is your intention.
But your execution doesn't match that intention. What you have created is a business. You're talking about "commitment"--that's a business concern. "Sustainability"--also a business concern. I've had plenty of rewarding conversations about engineering books with people who I never saw again, and I've gained a lot of knowledge at book clubs that no longer exist. A lot of that knowledge came from people who only showed up once.
What you lose when you demand commitment and sustainability, i.e. a business model from your book club, is spontaneity and diversity. The kind of guy who commits himself to a book club every week for years is going to miss the life experiences that give context to his work. It's how you end up with solutions that are perfectly engineered to efficiently do the wrong things.
One of them involved going through fast.ai. Tech companies were happy to host us for free.
Another was about doing Kaggle competitions to practice ML with fellow newbies. Again, tech companies allowed us to use their space after hours, or we'd just go to the library and book a room for free.
Vice versa other groups that revolve around learning specific languages or going through specific technical books.
And if you're really lucky, a large corporate enterprise will let you have hosting space for _free_ at _very specific times_. Otherwise, you must find local community resources who usually:
1. Charge a fee
2. Request you do something for them in exchange (run some publicity, sweeping floors, etc.)
Why should it void warranty? It must not void warranty unless Apple can prove that unlocking/tinkering was the real cause of damage. Don't give up on your rights easily, folks.
VPNs and hybrid architectures exist for a reason. If 99% of your IT infra is boring crap but you have this one special unicorn machine, maybe throw it on an employee's fiber connection and set up a point-to-site VPN for that machine.
Does it make sense to abandon the entire cloud because of 1 use case?
I was never on cloud. I have a big home with a fiber connection and some backup connectivity. Setting up a new server is like $50/year in electricity. If the project works I will sell it, and let the new owner deal with cloud and scaling it up!
Just reading the price list from cloud providers gives me a headache. We will charge you between X and Z, and hopefully you will not go bankrupt on the next bill. Also we may terminate services anytime for whatever reason.
> unicorn machine
If you have a specialized startup, that is 90% of your cost! Not some sort of unicorn single machine. If you can use consumer grade hardware without extra cost, that is a major competitive advantage!
> VPNs and hybrid architectures
What is that? Do I have to study that? Seems like a major obstacle!
That unicorn machine had better not use unicorn data transfer. Transferring an average of 100Mbps from S3 to your unicorn? That will cost you $1-3k / mo depending on how you configure it and what tier you’re in. Never mind that buying the hardware to sustain these data rates at home or in the colo is so cheap as to not even be worth mentioning and can easily be done on 20-year-old gear.
Of course, those prices go rapidly up if you use serious data. Want to train your fancy ML model to draw cats based on your giant data set of customer cat photos stored on S3? Want to do it on your nice nVidia box at home? That, by itself, might cost as much as an expensive Silicon Valley FTE who could manage an entire installation in a colo facility nearby.