flatpak-cve-checker VS mpz

Parsing the manifest for vulns is doable. Here I wrote one: https://github.com/TingPing/flatpak-cve-checker

If Debian (or whatever org/group/project/initiative that) provides the images has a security policy, they can extend that to the images too.

Users don't run CVE checkers [0], at best they reluctantly click on the update button. Of course the authoritarian evergreen auto-update thing is what actually works in practice.

For example as much as snap's UX sucks it does auto update by default.

[0] Though they could, as files in container images are trivially accessible, after all it's their purpose. Plus there are metadata based approaches: https://github.com/TingPing/flatpak-cve-checker (plus the Flatpak project already spends some energy on ensuring that the base image is chechekd against CVEs https://gitlab.com/freedesktop-sdk/freedesktop-sdk/-/jobs/18... ) of course duplicating this effort, and building a parallel world besides packages is not ideal, but

You can try https://github.com/olegantonyan/mpz/, it doesn't have "traditional" media library, but the filesystem is already a "library" when combined with playlists management, and this is the core idea of the player

Perfect! Thank you! This seems to work https://github.com/olegantonyan/mpz/commit/6210d5965f72c16301c858a2724984507cd4fe15

As Linux user and app developer (shameless plug https://github.com/olegantonyan/mpz/) I deliberately avoid snap/flatpak/appimage/etc.

Instead, I suffer with Open Build Service https://build.opensuse.org/. It's kind of cool, free and can build for multiple distros, but making it actually do so is a pain. But I still prefer this over flatpak&co both as user and as developer.

It just doesn't look like "the future of application distribution", https://nixos.org/ does.