Poettering: Revisiting how we put together Linux systems

Signed distro packages say "something"... maybe not much if some source packages came from sourceforge or somebody's USB stick or whatever, but something. People have rallied around distro security policy as their starting point for their system being clean, rightly or wrongly.

If Gnome put out a sort of layer of stuff I can install and run as a unit, that does sound useful, however they might sign the image but the process that sourced and created the contents is kind of opaque and unrelated to how a distro functions.

Obviously it differs but at heart this is not a million miles from "some kind of filesystem apk", and Android has to expect they are malicious, control their system access with an enforced manifest you can inspect before installation, etc. Something like that also seems to be needed here.