When you build with a web runtime as a base, you actually have less to do than what I see being planned for the Librem 5. A web runtime is itself a compositor, you donât need an extra one.
There already are compositors/DEs available, KDE and XFCE, which Purism are using.
A web runtime is a very good sandbox for running untrusted code (your remark on security is ridiculous).
Something like 80% of the remote code execution CVEs for firefox are related to malicious Javascript. Here is an example:
Use-after-free vulnerability in the DOMSVGLength class in Mozilla Firefox before 49.0 and Firefox ESR 45.x before 45.4 allows remote attackers to execute arbitrary code by leveraging improper interaction between JavaScript code and an SVG document.
âexecute arbitrary code by leveraging improper interaction between JavaScript code and an SVG documentâ
https://www.cvedetails.com/cve/CVE-2016-5281/
Why should a web browser, arguably the most used piece of software other than a TCP/IP stack be running arbitrary code from the Internet? Heck, most of the scripts being run when you go to a webpage in a vanilla browser you arenât able to audit before you run them.
There is a lot more manpower focused on making the web platform performant and secure than Linux desktops.
Completely dependent upon what you mean by âLinux desktopsâ. See this as well as to why we should be focusing on computing the user does and not what some web server does.
The homogeneity of the platform is a huge benefit, as shown by extensions that work on any web site. Try doing that with native apps.
XOrg and by extension wayland do the same.
Writing responsive apps is not a new, breakthrough thing on the web.
Nah, itâs more of a security concern when you add javascript into the mix. Remove the browser running arbitrary code (eg. JS) and itâs not. CSS and other technologies (read: PHP) can make the page responsive by having code run on the server side (Also notice that Javascript being run by the user is bad simply because it is untrusted and does not come from a party that we can verify, where as the compositor in KDE is sort of trustworthy because it comes from a software repository).
The state of responsive UI with Gnome/KDE is so far behind itâs not even worth talking about it.
Thatâs a pretty good strawman.
But even if you donât want to go as far as building fully on a web stack, you will need a web browser. And since many useful apps/services will be available only the web, you will need a browser with proper integration in your DE: adding bookmarks to the homescreen, managing notifications, permissions, etc.
I donât see why that should be handled by the DE. If anything, the DE should be sandboxed away from most information about the user, only to serve itâs purpose â to composite windows and manage workspaces.
And since many useful apps/services will be available only the web
See this as to why that should be reduced.