Fan of Flatpaks ...or Not?
-
I'd take a well-maintained native package for my distro over a Flatpak, but sometimes, a Flatpak is just the easiest way to get the latest version of an application working on Debian without too much tinkering - not always no tinkering, but better than nothing.
This is especially true of GIMP - Flatpak GIMP + Resynthesizer feels like the easiest way to experience GIMP these days. Same with OBS - although I have to weather the Flatpak directory structure, plugins otherwise feel easier to get working than the native package. The bundled runtimes are somewhat annoying, but I'm also not exactly hurting for storage at the moment - I could probably do to put more of my 2 TB main SSD to use.
I usually just manage Flatpaks from the terminal, though I often have to refresh myself on application URLs. I somewhat wish one could set nicknames so they need not remember the full name.
-
I like the sandboxing of Flatpak, but I prefer AppImage as I don't like having the Flatpak runtime requirement.
Don't AppImages also have a similar requirement just with stuff that is already installed on many popular distros so many people just don't notice it? I think I read somewhere that running AppImages on systems that even slightly differ from the big popular distros is a pain since you still have to ship this stuff with them but it is more cumbersome than with flatpaks.
-
They always seem to have some critical limitation. Handbrake is too slow via flatpak to work. Flatpak Zoom had no camera access. Flatpak-only Zen browser can't use passkeys. Zen browser asks to be my default browser every time I open it, even though it is and I always say yes; is this a flatpak limitation? I don't know, and I'd prefer not to have to figure it out just for some theoretical benefits and more overhead.
Flatpak Zen Browser is never asking me to be the default. Maybe it did in the beginning but I don't remember.
-
A few reasons security people can have to hesitate on Flatpak:
- In comparison to sticking with strictly vetted repos from the big distros like Debian, RHEL, etc., using Flathub and other sources means normalizing installing software that isn't so strongly vetted. Flathub does at least have a review process but it's by necessity fairly lax.
- Bundling libraries with an application means you can still be vulnerable to an exploit in some library, even if your OS vendor has already rolled out the fix, because of using Flatpak software that still loads the vulnerable version. The freedesktop runtimes at least help limit the scope of this issue but don't eliminate it.
- The sandboxing isn't as secure as many users might expect, which can further encourage installing untrusted software.
From a typical home user's perspective this probably seems like nothing; in terms of security you're still usually better off with Flatpak than installing random AUR packages, adding random PPA repos, using AppImage programs, installing a bunch of Steam games, blindly building an unfamiliar project you cloned from GitHub, or running bash scripts you find online. But in many contexts none of that is acceptable.
I thought flatpaks were created to make packaging easier, not to solve all security issues. Still sounds like a win to me.
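An added example, not part of the thread: the point above that the sandbox is weaker than users expect comes down to the permissions each app declares. This sketch audits the keyfile format printed by `flatpak info --show-permissions` for grants that reach outside the sandbox; the app ID, the sample metadata and the choice of which grants count as "broad" are assumptions made for illustration.

```python
import configparser

# Constructed sample of a Flatpak permissions keyfile (hypothetical app ID).
SAMPLE_METADATA = """\
[Application]
name=org.example.Editor

[Context]
shared=network;ipc;
sockets=x11;wayland;pulseaudio;
devices=all;
filesystems=host;xdg-download;

[Session Bus Policy]
org.freedesktop.Flatpak=talk
org.freedesktop.Notifications=talk
"""

# Assumed policy: grants treated as reaching well beyond the app's own sandbox.
BROAD = {
    "filesystems": {"host": "access to nearly all host files",
                    "home": "access to the whole home directory"},
    "devices": {"all": "access to every device node"},
    "sockets": {"x11": "X11 clients can observe each other's input"},
}
BROAD_BUS = {"org.freedesktop.Flatpak": "can start commands outside the sandbox"}


def audit(metadata_text):
    """Return sorted (permission, reason) pairs for broad grants in a keyfile."""
    cp = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    cp.optionxform = str  # keep D-Bus names case-sensitive
    cp.read_string(metadata_text)
    findings = []
    context = cp["Context"] if cp.has_section("Context") else {}
    for key, risky in BROAD.items():
        for value in context.get(key, "").split(";"):
            base = value.strip().split(":")[0]  # "host:ro" is still broad
            if base in risky:
                findings.append((f"{key}={value.strip()}", risky[base]))
    if cp.has_section("Session Bus Policy"):
        for name, policy in cp["Session Bus Policy"].items():
            if name in BROAD_BUS and policy in ("talk", "own"):
                findings.append((f"bus:{name}={policy}", BROAD_BUS[name]))
    return sorted(findings)


if __name__ == "__main__":
    for perm, why in audit(SAMPLE_METADATA):
        print(f"{perm:40} {why}")
```

An app that returns an empty list here can still be exploited through a bundled library; the audit only shows how much of the host the sandbox leaves exposed.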
-
I prefer Arch Linux's use of flatpaks, which is none at all ever
-
> plus sudden updates that nuke active applications.
This is not what's supposed to happen. If an app installed through flatpak is active while it's receiving an update, then the update is not supposed to affect the running application until it's closed/restarted.
Edit: Somehow I didn't realize the concern was raised against Snap and not Flatpak.
We're talking about snaps in contrast.
-
We're talking about snaps in contrast.
My bad. Thank you for clarifying!
-
Luckily this was about Snap.
My bad. Thank you for clarifying!
-
Haven't had much opportunity to have nails driven into my testicles.
Wanna meet? /s
-
When I open my task manager I see flatpak-session-helper near the top of the list for ram usage and am suspicious
-
> plus sudden updates that nuke active applications.
This is not what's supposed to happen. If an app installed through flatpak is active while it's receiving an update, then the update is not supposed to affect the running application until it's closed/restarted.
Edit: Somehow I didn't realize the concern was raised against Snap and not Flatpak.
The thread is about snap and why it's worse than flatpak.
-
My favorite part of the linux experience is the FREEDOM, but also being talked down to for not using my freedom correctly, I should only do things a specific way or I might as well just use windows.
-
Well, I heard that people who use flatpaks are libs. True?
Sorry, I just think it's funny that Linux users get so defensive about this stuff. You really felt insulted by this?
It was clearly trying to be insulting. I don't understand why anyone would try to start a flamewar over flatpaks.
-
Haven't had much opportunity to use snap, what's the problem with them?
And also the fact that the store backend is proprietary
-
Oh 100% but have you tried to explain how to use one to a computer novice? Like yes, the answer is usually “they should just…” but novice users will never. With flatpak, they get an experience similar to how MacOS works and a bit like how .exes work and it Just Works
Edit: like I’ve had trouble showing people how to use the GNOME App Store which could not be any more simple. Anyone who has been convinced to install Linux already feels way out of their element so making everything feel as natural as possible is essential (and I mean, flatpaks are awesome anyway)
Wait how do you install flatpaks? I add the remote (if necessary) and then install it from there. That is nothing like I have ever seen on Windows (though apparently there are package managers).
-
I thought flatpaks were created to make packaging easier, not to solve all security issues. Still sounds like a win to me.
I mean, they added "bash scripts you find online", which are only a problem if you don't look them over or cannot understand them first... Their post is very much cemented in the paranoid camp of security.
Not that they're wrong. That's the big thing about security once you go deep enough: the computer has to work for someone, and being able to execute much at all opens up some avenues of abuse. Like securing a web based service. It has to work for someone, so of course everything is still vulnerable at some point. Usually when private keys or passwords are compromised if they're doing things remotely correctly, but they're still technically vulnerable at some point.
-
That's certainly a concern for some, but I'm using like 30 GB for all the things I've installed, which is a lot (12 (flatpak-system), 76 (flatpak-user)) but that's on a 2 TB drive, which amounts to like 1½% of the total available space. I don't think that's a bad trade.
Compared to a pure install that can run on an electric toothbrush it's a massive pill to swallow for some.
-
Flatpaks are pretty great for getting the latest software without having to have a cutting edge rolling release distro or installing special repos and making sure stuff doesn't break down the line.
I use Flatpaks for my software that I need the latest and greatest version of, and my distro's native package for CLI apps and older software that I don't care about being super up to date.
My updater script handles all of it in one action anyways, so no biggie on that either.
Flatpaks are the best all-in-one solution when compared to Appimages or Snaps imo.
-
I don't like how so many distros ship with discover configured to install flatpaks by default. It's a huge newbie trap when you click "open file" and uh where are all my files??
You should only install a flatpak if the program is not available for your OS, or if the native version doesn't work for some reason.
-
My favorite part of the linux experience is the FREEDOM, but also being talked down to for not using my freedom correctly, I should only do things a specific way or I might as well just use windows.
You don't have to do as they say but doing so lets you talk down to others who aren't. So it's a fair trade.