Comment by westurner

Open standards for modern software management include: schema.org/SoftwareApplication , W3C Verifiable Credentials, Sigstore, SLSA, and OCI Artifact registries which already support signatures.

There are various tools which sideload APKs over HTTPS without any checksum or signature (e.g. from GitHub releases instead of from for example an OCI Registry) which are as reckless as curl | sh.

Couldn't bash and zsh run in a container2wasm WASM container that, in a browser tab without install, gets its own SELinux security context like all apps since Android 4.4+?

Does ls -Z work in Android Terminal (or termux, or the ChromeOS term)?

Students and Family Link accounts are currently denied access to containers on Chromebooks.

So on a Chromebook the same curriculum is limited to JupyterLite in WASM which almost works offline in a browser, instead of a local repo2docker container or a devcontainer.json (because there is no money for students to have server resources (like shells, CI, GitLab+k8s resource quotas) other than their provisioned computer).

container2wasm: https://github.com/container2wasm/container2wasm :

  $ c2w ubuntu:22.04 out.wasm