Seriously, after SystemDOS, what could I except for thoses LazyUSERS trying to act as system-admin (sorry to people that need to work with thoses tools).
I know theses tools can help thoses that doesn’t want/know-how to do sys-admin, but seriously. Most people do know how to use a package manager to install few apps. (Otherwise people would not use App Store, Android Market^W^WPlay Store and various organisations would not try to use them for whatever product).
Also with this types of tools(I’ll call them lazy-pkgs) you reduce security to almost nothing. Yes, AppImage doesn’t use root privileges, it doesn’t make it unharmfull, it can still do damage (like bumblebee/optimus and steam removing everything in the home directory). Yes, docker binairies doesn’t directly use the kernel and already available tools, well how do you expect lazy-pkgs to manage security flaws? (Try to imagine another heartbleed, shellshock, …). I heard docker as a daemon(which looks like a systemd clone that works on top of systemd, how meta).
For a simple comparison here is what package managers I met for a long time have:
And here is what lazy-pkg have(From what I’ve heard, as I don’t want theses.)
Well, not hard to notice that it as many thing removed. Poor security, customisation and filesystem tidyness(as packages are no longer managed by a tool). It’s somewhat even worse than Windows (XP, dunno later versions) as with this horrible-ness you still had dependencies(.NET Framework, DirectX, VisualBasic, …) and you still could remove and choose a bit of what’s in your system. Now if the NSA, DGSI, GRU or any other government (secret) agency want a huge backdoor they just have to ask the maintainer, even less people would notice as it’s more obscure.
Also, for the time being lazy-pkgs are being used by commonly trusted organisations. But what if non-trusted but mandatory(like drivers) organisations start using your tools like they so badly do with .deb and .rpm (and sometimes with tarballs)
I understand the idea of doing one package for tons of distros, but you’re doing it wrong. I think if you still want lazy-pkgs you should make/re-use a separate package manager(like pip for python, luarocks for lua, gem for ruby, …).
Anyway stay with Blob, I’ll keep building everything from source (so I can verify it’s really Open-Source), even non-executables like documentation and keep blobs into a separate system and say that I want OpenPGP for the gentoo repo.