Stepping down from maintainership #33
Comments
|
Jurf: per your request I've removed your write permission for this repo. |
|
Thanks @jurf for your hard work up to this point! |
|
Anki as a flatpak was great. Thanks @jurf. Anki should benefit a lot from sandboxing because in Anki users often install add-ons by many different creators. Anki add-ons have all the permissions of Anki. As far as I see Anki add-ons are not vetted before they are downloadable. Anki recently (in versions after 2.1.15) started to show a dialog to users when newer versions for installed updates are available and to install them you just need to press "ok" in said dialog. Since Anki checks for new add-ons daily once a anki-addon-developer account has been captured malicious add-ons should be distributed to many people quickly. The anki addon download website has the warning "they are potentially malicious" but I'm not sure if this is enough ... I guess I'm missing some obvious problem or packaging policy for flathub. So sorry for wasting your time. But I wonder if the binary from apps.ankiweb.net could be used? I mean the alternative is that regular users will resort to downloading the binary from apps.ankiweb.net directly so they miss the autoupdating and easy to setup method for sandboxing. |
|
Distributing a binary is a solution, but only a temporary one. Ideally, the Flathub package would be picked up directly by the Anki devs, hopefully leaving makefiles and adopting a proper build-system in the process. Probably the easiest step forwards now would be to switch to the binary release (which is trivial) and contacting the Anki devs directly. I agree with you that Flatpak is probably the optimal distribution format for them, handing over control to them while keeping their users safe; mayhaps they'll pick up on that advice. I'll keep notifications for this repository, so I can provide advice when needed. |
|
With the move to Bazel in 2.1.36, Anki has become even harder to build since Bazel wants to access the network during the build and there's no automatic way to 'pre-download' dependencies until bazelbuild/bazel#11001 is fixed. I've asked in the forums, let's see if there's a way forward here. |
|
Just to give an update to the situation, Anki has moved away form Bazel and is now using Ninja. |
Anki has completely changed its build system, essentially creating a need to create almost a whole new package for it.
I have tried, I failed. I do not have the time for this, not now, not in the long-term.
I have pushed my relevant work into #31 & #32. The port to Qt 5.14 is done, but Anki changed its distribution even retroactively, so we cannot even build an old version on the new runtime.
Please keep this issue open until someone takes this up.
The text was updated successfully, but these errors were encountered: