Comment 9 for bug 1709164

Simon McVittie (smcv) wrote :

> I woudl split them in a separate package as they don't need to be installed by default, but it's up to you.

Sorry, I am not willing to put this package through the Debian NEW queue just to split out a few KB of examples into a separate binary package, and I suspect the ftp team would take a dim view of this: the size of the archive metadata required to describe that binary package would the same order of magnitude as the size of the package itself. If they are considered to be a serious problem for some reason, then I'll delete them altogether, and just patch in the README.

The demos are re-included via debian/dist/ (older versions) or debian/patches/dist/ (newer) because I was looking at packaging a git snapshot in experimental, and happened to notice that they are shipped upstream but were accidentally not included in tarballs. I also contributed a patch upstream to include them in `make dist`, and that patch has been merged.

I believe flatpak.bpf is a snapshot of the seccomp filter that was set up by some random older version of Flatpak, and accompanies flatpak-run.sh to make flatpak-run.sh more closely resemble what Flatpak actually does. bubblewrap takes seccomp filters as input in binary form rather than building them using libseccomp, because bubblewrap is (initially) highly privileged, so library dependencies are minimized to reduce attack surface; instead, the unprivileged Flatpak binary links libseccomp and constructs the filter itself.