title: app distribution mechanisms subtitle: how to securely and efficiently package and distribute applications, libraries, &c.? date: 2018-02-10 tags: technology

there are two major camps in this debate: dynamic vs static libraries. there are some trade-offs between the two, so it really depends on what you are optimizing for.

the packaging style encouraged by building dynamically linked binaries allows the package manager to replace `zlib.so` exactly once for the entire system. as long as the abi doesn't change, no recompilation or reinstallation is required for any other packages. this saves both disk space and compute utilization. however, it also makes isolating applications difficult. developers and maintainers have to coordinate creating complex MAC profiles for every application which have to be debugged and tested for usability.

desktop linux distributions have enjoyed the benefits of relative obscurity for a long time, limiting their exposure to targeted malware. *linux can be very secure*, but the defaults for most linux distributions are not. some popular applications have AppArmor and selinux profiles available, but, in my experience, very few users are willing to spend the time to secure their systems at all.

some of the newcomers to this space include: Docker, LXD, FlatPak, AppImage, nix, and others. each of these share some common traits, including a focus on immutability and isolation. the biggest trade-off here is disk and network utilization. transfer size can be minimized using a variety of delta-compression techniques.