Fan of Flatpaks ...or Not?
-
For sure and I agree that should be enough but the average person is not good with computers and they don’t want to learn. They won’t understand the nuances of different distributions of Linux. Like try explaining the difference between a .deb, a .tar.gz, and a .rpm to a person who’s already hesitant about using Linux. Flatpak solves that by just having one download that any Linux install can use.
Appimage
-
It's not my fault they make running apps from the cli so irritating. Broken by design. Even snaps work better.
-
I like it. They are very convenient, work every time, and solve the distribution problem.
-
Would you mind elaborating?
A few reasons security people can have to hesitate on Flatpak:
- In comparison to sticking with strictly vetted repos from the big distros like Debian, RHEL, etc., using Flathub and other sources means normalizing installing software that isn't so strongly vetted. Flathub does at least have a review process but it's by necessity fairly lax.
- Bundling libraries with an application means you can still be vulnerable to an exploit in some library, even if your OS vendor has already rolled out the fix, because of using Flatpak software that still loads the vulnerable version. The freedesktop runtimes at least help limit the scope of this issue but don't eliminate it.
- The sandboxing isn't as secure as many users might expect, which can further encourage installing untrusted software.
From a typical home user's perspective this probably seems like nothing; in terms of security you're still usually better off with Flatpak than installing random AUR packages, adding random PPA repos, using AppImage programs, installing a bunch of Steam games, blindly building an unfamiliar project you cloned from GitHub, or running bash scripts you find online. But in many contexts none of that is acceptable.
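The sandboxing point above can be checked per application. This added example (not part of the post or of Flatpak itself) parses the keyfile text that `flatpak info --show-permissions` prints and flags grants that open the sandbox; the severity labels and the sample input are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag Flatpak grants that weaken the sandbox.
# Reads the keyfile text printed by `flatpak info --show-permissions APP_ID`.
audit_permissions() {
    awk -F= '
        /^\[/ { section = $0; next }
        section == "[Context]" && NF >= 2 {
            n = split($2, vals, ";")
            for (i = 1; i <= n; i++) {
                v = vals[i]
                broad = (v == "host" || v == "home" || v ~ /^(host|home):/)
                if ($1 == "filesystems" && broad && v !~ /:ro$/)
                    print "HIGH filesystems=" v " (read-write access to user or host files)"
                else if ($1 == "filesystems" && broad)
                    print "MEDIUM filesystems=" v " (read access to user or host files)"
                else if ($1 == "sockets" && v == "x11")
                    print "MEDIUM sockets=x11 (X11 does not isolate clients from each other)"
                else if ($1 == "devices" && v == "all")
                    print "MEDIUM devices=all (access to every device node)"
            }
        }
        section == "[Session Bus Policy]" && $1 == "org.freedesktop.Flatpak" && $2 == "talk" {
            print "HIGH talk=org.freedesktop.Flatpak (can ask the host to run commands)"
        }
    '
}

# Constructed sample, not taken from a real application.
SAMPLE='[Context]
shared=network;ipc;
sockets=x11;wayland;pulseaudio;
devices=dri;
filesystems=home;xdg-download:ro;

[Session Bus Policy]
org.freedesktop.Notifications=talk
org.freedesktop.Flatpak=talk'

audit_sample() { printf '%s\n' "$SAMPLE" | audit_permissions; }

audit_sample
# On a real system (org.example.App is a placeholder ID):
#   flatpak info --show-permissions org.example.App | audit_permissions
```

An application with no findings can still bundle an outdated library, so this covers only the sandbox point, not the bundling one.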
-
Flatpaks together with "immutable" distributions, Wayland and systemd are a heresy, a crime against the UNIX principles, a disgrace in the eyes of SED and AWK. REPENT! Save your immortal core dumps and return to the one true /home !
-
I agree that flatpak should just invoke
flatpak uninstall --unused
right after uninstalling a flatpak. I don't get why it doesn't do this automatically. Granted, some distro package managers (used to) operate somewhat similarly in that they required the autoremove option.
I actually tried
flatpak uninstall --unused
and it didn't remove these ones. So there's something odd going on there. My guess is maybe Mint manually installed them through the driver manager program? That's a wild guess, I don't know how it works.
-
Appimage
Ah, that’s actually what I was thinking of in my previous comment
-
They're whatever, they have their place in my system, but I prefer installing debs from the repo
-
If it's a mostly self-contained app, like a game or a utility, then Flatpak is just fine. If a Flatpak needs to interact with other apps on the host or, worst case, another Flatpak it gets tricky or even impossible. From what I've seen though, AppImage and Snap are even worse at this.
-
> plus sudden updates that nuke active applications.

This is not what's supposed to happen. If an app installed through flatpak is active while it's receiving an update, then the update is not supposed to affect the running application until it's closed/restarted.
Edit: Somehow I didn't realize the concern was raised against Snap and not Flatpak.
Luckily this was about Snap.
-
I'd take a well-maintained native package for my distro over a Flatpak, but sometimes, a Flatpak is just the easiest way to get the latest version of an application working on Debian without too much tinkering - not always no tinkering, but better than nothing.
This is especially true of GIMP - Flatpak GIMP + Resynthesizer feels like the easiest way to experience GIMP these days. Same with OBS - although I have to weather the Flatpak directory structure, plugins otherwise feel easier to get working than the native package. The bundled runtimes are somewhat annoying, but I'm also not exactly hurting for storage at the moment - I could probably do to put more of my 2 TB main SSD to use.
I usually just manage Flatpaks from the terminal, though I often have to refresh myself on application URLs. I somewhat wish one could set nicknames so they need not remember the full name.
-
I like the sandboxing of Flatpak, but I prefer AppImage as I don't like having the Flatpak runtime requirement.
Don't AppImages also have a similar requirement just with stuff that is already installed on many popular distros so many people just don't notice it? I think I read somewhere that running AppImages on systems that even slightly differ from the big popular distros is a pain since you still have to ship this stuff with them but it is more cumbersome than with flatpaks.
-
They always seem to have some critical limitation. Handbrake is too slow via flatpak to work. Flatpak Zoom had no camera access. Flatpak-only Zen browser can't use passkeys. Zen browser asks to be my default browser every time I open it, even though it is and I always say yes; is this a flatpak limitation? I don't know, and I'd prefer not to have to figure it out just for some theoretical benefits and more overhead.
Flatpak Zen Browser is never asking me to be the default. Maybe it did in the beginning but I don't remember.
-
A few reasons security people can have to hesitate on Flatpak:
- In comparison to sticking with strictly vetted repos from the big distros like Debian, RHEL, etc., using Flathub and other sources means normalizing installing software that isn't so strongly vetted. Flathub does at least have a review process but it's by necessity fairly lax.
- Bundling libraries with an application means you can still be vulnerable to an exploit in some library, even if your OS vendor has already rolled out the fix, because of using Flatpak software that still loads the vulnerable version. The freedesktop runtimes at least help limit the scope of this issue but don't eliminate it.
- The sandboxing isn't as secure as many users might expect, which can further encourage installing untrusted software.
From a typical home user's perspective this probably seems like nothing; in terms of security you're still usually better off with Flatpak than installing random AUR packages, adding random PPA repos, using AppImage programs, installing a bunch of Steam games, blindly building an unfamiliar project you cloned from GitHub, or running bash scripts you find online. But in many contexts none of that is acceptable.
I thought flatpaks were created to make packaging easier, not to solve all security issues. Still sounds like a win to me.
-
I prefer Arch Linux's use of flatpaks, which is none at all ever
-
> plus sudden updates that nuke active applications.

This is not what's supposed to happen. If an app installed through flatpak is active while it's receiving an update, then the update is not supposed to affect the running application until it's closed/restarted.
Edit: Somehow I didn't realize the concern was raised against Snap and not Flatpak.
We're talking about snaps in contrast.
-
We're talking about snaps in contrast.
My bad. Thank you for clarifying!
-
Luckily this was about Snap.
My bad. Thank you for clarifying!
-
Haven't had much opportunity to have nails driven into my testicles.
Wanna meet? /s
-
When I open my task manager I see flatpak-session-helper near the top of the list for ram usage and am suspicious