Video Takeaways:
- Initial commit, Matthias Clasen, alexlarsson
Yes, thisguy726
Video Takeaways:
- Don't get locked out of your account. Download your recovery codes or add a passkey so you don't lose access when you get a new device
Video Takeaways:
- always upload directly to the other hub
yt should add a feature where creators can block how old an account needs to be so they can comment. Most of the bots are like 1hr old
🤯
That would make sense. We'll be having none of that.
Brief look at the YT API says that a CS101 student could probably do it very easily.
ThioJoe yt-spam-purge software ftw, I don't know why more people are not using it.
Or block commenting until the viewer watched a certain % of the video (without skipping around), I bet that would increase the overall comment section quality by a lot too.
5:56 "you don't want a flatpak developer to have to download *every* single other manifest just to be able to modify their own"
nixos: challenge accepted
Thankfully that's something Flakes will fix once it's stabilized in 2038
I really need to try out NixOS, but I feel like the initial commit-ment is very big. Bad pun intended.
This video was actually initially uploaded by Matthias Clasen and Alex Larsson.
Take a shot every time Brodie says "Initial commit, Matthias Clasen and Alex Larsson" challenge ✨
Thanks, now I need a new liver.
"Man I'm dead" aah situation
My liver has ouchies now...
Never thought I'd show up on a Brodie Robertson Video 😅😅
Submitted the Dino flatpak initially, nowadays maintained by devs themselves
I want to clarify why the commit is there.
The initial commit exists because the developers base their commits on top of the original commit.
The bot just copies over the branch of the Pull Request to the new repo.
The reason why the commit doesn't show up in the Pull Requests is because it already exists in the repo and GitHub only displays the changes.
That's basically what I said
This is very succinct and pithy. Well done.
@@BrodieRobertson I had to go back and rewatch that part a second time. Second time through, it was clear that's what you were saying, but the first time through, I wasn't sure if you realized that.
Also, fun fact, it's actually completely possible for two branches on a repo to have different initial commits, it's totally fine, works. But you cannot merge from one history to the other.
Initial commit, Matthias Clasen, Alexander Larsson
Instructions unclear uploaded my app to this orange looking hub unsure how to install
So this is how I found out virtmanager is available in Flathub huh
also firefox...
Same, I remember struggling with that on my Kinoite system, and just using Boxes instead 😅
Flathub is weird.
Which is why I use the other hub.
You mean Github.
@@thingsiplay Ah yes, of course!
The… round hub?
flathub is like the worst parts of the play store and the app store brought together and moderated even less strictly
I'm sure you mean the one for maize related projects
2:24 Is it just me or there's the same section of the video repeated twice here?
half (meaning a "fixed" version of the clip) the same at 9:32
Not exactly, see the second time he highlighted "ready" and "blocked", unlike the first time, so I'm guessing he usually does this process of saying basically the same thing multiple times, if he thinks he missed an important part, and then didn't notice while editing that he kept both parts...
It’s so confusing I thought I was going crazy
First time?
Dementia
This is the content that I am subscribed for!
Looks at video title "oh i know why, it makes octopus merging easier"
Someone should make a version of this video, every time he says Matthias Clasen and Alexander Larsson the video gets sped up by 2x.
Well this was actually useful to me because I'm still making that paw project I once got you to look at in stream (possibly a year ago now). I plan to make that project use all the packaging formats, both as a kind of OCD of mine and a learning experience. Currently I'm working on a test project for a custom allocator so I haven't made any commits recently but the API is basically nailed down on the essential parts. Just got some bugs to iron out then I can use it as a reference to implement in paw and finally switch from the snail pace I've been using to a tortoise pace instead :)
I actually make these initial commits standard practise whenever I'm creating a new repo. You never know if you one day want to make a docs branch or something and want to make it very obvious when you try to mix the two branches.
_This video hurts my head_ 😵💫
Matthias Clasen and Alex Larsson!
Year of Brodie correction vids?
I am shocked that no one seems to have noticed that this commit was made on, of all days, April 20.
Not everyone over-sample on 420 being of significance. 😂
I discovered the submission process for flathub some time ago when I wanted to report a bug with an application and noticed the repository I ended up on was in the flathub organisation, which quickly led me to discover that (almost) all of the flathub apps were there. I somehow missed the part about the initial commit, but that actually makes a lot of sense now, they just take the PR branch and turn that into a new repository.
If you say their names any more I may go insane.
Matthias Clasen and Alexander Larsson
15:49 direct upload existed even before that, but tokens needed to be handed out by Barth (an admin) so it was a bottleneck before that change.
Pushback on direct uploads was also significant (especially at fosdem) so it's a thing that's not documented for a reason, you will need to get in touch if you want it and flathub might still decline.
6:29 Makes me question how Google does its internal stuff because as far as we know, they have ONE GIANT monorepo for nearly all their stuff and different services.
They probably have a purpose-built tool so the dev can check out the stuff they actually want to work on/need.
Yes, I think Google is not using git, but mercurial.
the `flatpak` command doesn't even have a dedicated `info` or `show` subcommand to view package information, it needs *better subcommand options*
Hello, Brodie. I'm watching you
Watchdog
I think what was missing from this video was looking more at the push to have verified upstream apps, like Firefox, OBS, Discord etc. Having verified apps is more likely to not use this PR system with these commits.
Extreme Tux Racer mentioned?!
Would you judge a person by whether they say "GNU/Linux" or "Linux"
yes I would. anyone who says "GNU/Linux" is a stallmanite and what they say should be disregarded.
I don't personally care but I'm never going to say Gnu/Linux as a serious name
The only time you say that is when you refer to GNU/Linux in relationship to non-GNU Linux systems such as Android. Or if you're Stallman.
@@JessicaFEREM Bold words for an anti-foss tourist that got so comfortable in the community to act as he owns the place. But, I guess, now community is taken over by corpos and their tourists, it is effectively dead, just like western gaming and other entertainment media.
I'd definitely judge anyone saying "Lignus"
The submission process was certainly the strangest I've ever been through. I'd have appreciated some better documentation on the process.
5:55 Nixpkgs maintainers crying rn
tl;dw: There is a skeleton repo you clone as part of setting up a flatpak. That's it.
Rename master to do-not-merge?
Template repositories are pretty normal for this sort of thing.
3:00 So, entire Flathub is designed to be entirely dependent on M$ infrastructure and is aggressively pushed as centralized primary software source for all Linux distros... what could go wrong?
Thank you Brodie.
why do they call it Flathub when you flat of in pak out eat the software
Brodie my beloved
5:50 but all of this is possible! :D see the massive nixpkgs monorepo, specifically the maintainers/ folder
That must be a massive pain...
@ I'm no expert in their maintainer system, but I saw that they're using the GitHub code owners feature for important packages like libraries or compilers and then they use their own CIs and tools for all other packages, I believe. Every new package maintainer is defined and added in a maintainers nix file and then a reference is added to the respective package's build files. This allows everything to be evaluated using nix. The repo has super high traffic with thousands of contributors and over 100k packages so this seems to work out somehow, it's crazy
8:38 someone forgot to take out the clip with the mistake and ended up with almost the same clip twice :P
Is Flathub tied to Github?
Mostly and historically but now there's support for direct app uploads
Is it just me or does he repeat himself every other statement? He repeats himself on showing the 2017 commit multiple times
Hi! Thank you for the video! ❤
There are some uncut clips at 2:24 and 9:32 that would be nice if you could edit out (YouTube has an after-publish video editor for that). Thank you for your videos 😃👍 ❤
9:32 appears to be different, but there was a mistake at 2:24
Is it true that Flatpak permissions and sandboxing can be bypassed?
Only if there is an escalation attack vector, which would hopefully be patched. I'm not aware of any fundamental flaw in the sandbox itself. If a malicious app were to try and attack they would more likely trick the user into giving more permissions than necessary, but that would be considered malware and should be found and removed from the flatpak repository.
Look, any program that can read or write a file in your pc isn't truly sandboxed
Look, any program isn't truly sandboxed
Any sufficiently complex piece of software created in the real world is going to have bugs, and then it's kind of a numbers game as to whether any of those can result in security issues.
So: probably yes, but any known ways to do it no longer work on the latest version. New ways will almost certainly be discovered in time.
only if there are vulnerabilities
Matthias Clasen and Alex Larsson
Must commit with best shortest message. I am weirdo from github moved to own gitweb.
No one cares.
_PST🌆8PM Jan 13th 2025_