Fedora threatened with legal action from OBS Studio due to their Flatpak packaging
-
inb4 Iceweasel
-
It’s not distro specific. Fedora Flatpaks are just built from Fedora RPMs, but they work on all distros.
If you care about FOSS spirit, security, and a higher packaging standard, then Fedora Flatpaks may be of interest.
If you want a package that just works, then Flathub may be of interest. But those packages may be using EOL runtimes and may include vendored dependencies that have security issues.
-
The lesson is that Fedora Flatpak Repo needs to fuck off. It's an anti-pattern to have an obscure flatpak repo with software that is packaged differently from everything else.
The entire point of flatpaks was to have a universal packaging format that upstream devs could make themselves, and Fedora is completely undermining it.
-
Obviously, the best solution is that the gets settled out-of-court. However, Fedora has had a long time to listen to the OBS devs' request to stop packaging broken software, so maybe they won't listen to reason.
Fedora needs to get their heads out of their asses and kill the Fedora Flatpak repo.
-
I'm sorry, but you've completely missed either the point, or how it works.
Flathub is really the problem here for not properly verifying package owners/maintainers and allowing them to moderate other versions of their work.
There honestly just needs to finally be a way to sort official packages from community packages. Right now it's a mess. Fedora should just take theirs down.
-
Fedora has always been one of the flatpak friendly distros.
No, it’s not like snap. Fedora is not removing RPMs and replacing them with flatpaks. It just defaults to flatpaks. Fedora Flatpaks are built entirely from existing RPMs.
-
Totally forget that I still was in fedora's flatpak repo until the news dropped. Took the opportunity to remove and replace it with flathub.
-
I prefer flatpaks that work.
-
And Fedora Flatpaks are universal, they work on any distros.
Flatpak by design allows you to install Flatpaks from multiple stores. The fact that snap only allows one store is a common criticism of snap.
Fedora Flatpaks were created because Fedora has strict guidelines for packages. They must be FOSS, they must not included patented software, and they need to be secure.
Flathub allows proprietary and patented software, so not all Flathub packages could be preinstalled. And if a Flathub package was preinstalled, it could add proprietary or patented bits without Fedora having a say.
Flathub packages are also allowed to use EOL runtimes and include vendored dependencies that have security issues. Fedora does not want this. Fedora Flatpaks are built entirely from Fedora RPMs so they get security updates from Fedora repos.
-
And that’s a perfectly fine position to have. I get most of my apps from Flathub.
I also think that Fedora Flatpaks should be allowed to exist. And most of them work without issues. They just don’t get as much testing as Flathub since the user base is smaller.
-
Just gonna leave this here...
-
That honestly doesn't sound like a bad mission, but it seems like there's a couple other requirements they should impose on their mission and then there wouldn't be any controversy.
They should require that their package works as well as the upstream, and, in the even that it doesn't, they need to be very blatant and open that this is a downstream package, and support for it will only be provided by Fedora Flatpaks, and that you may have better results with the official packages.
The primary issues in this case is that it doesn't work, and it's not been clear to users who to ask for help.
-
Why don't you like fedora flatpaks?
Among other reasons, Fedora ensure that apps get a flatpak. Imagine there was no official flatpak, fedora would've made one. Just like fedora ensures that there are native ways to install it via dnf. On atomic distros, you want to use flatpaks very often. Hence it makes sense to package apps via flatpak.
Fedora ensures that there is not additional code in the app kind of like fdroid on phones.
Anyone can make flatpaks, not just the main dev.
-
Confidentally incorrect.
Flathub has nothing to do with this
-
Honestly, that sounds great.
My biggest problem with Flatpak is that Flathub has all sorts of weird crap, and depending on your UI it's not always easy to tell what's official and what's just from some rando. I don't want a repo full of "unverified" packages to be a first-class citizen in my distro.
Distros can and should curate packages. That's half the point of a distro.
And yes, the idea of packaging dependencies in their own isolated container per-app comes with real downsides: I can't simply patch a library once at the system level.
I'm running a Fedora derivative and I wasn't even aware of this option. I'm going to look into it now because it sounds better than Flathub.
-
I can confirm, I really missed the opportunity
-
You can edit the title...
-
And that's the #1 reason to use Mint over Ubuntu!
Snaps make a little more sense in servers since you can package CLI stuff in snaps, but not in flatpaks. For GUI apps, it's "fine" but it doesn't solve new problems, and the way Canonical has migrated apt packages to snaps is aggressive and error-prone.
-
They work on other distros... if they work at all. If those "strict guidelines" are resulting in flatpaks like OBS and Bottles, which are broken and the devs have tried to get them to stop shipping, then I'll pass on Fedora flatpaks.
I dont criticize Flatpaks for allowing alternative packaging sources. I criticize Fedora for sneakily (whether intentionally sneaky or not) setting their broken flatpak repo as the default, leading to a bunch of confusion by Fedora user that don't know they're actually using different, sometimes broken, packages from everyone else.
The uBlue downstreams of Fedora know this, and they have the decency to preaent the user with that information upon installation. So thankfully, their users don't end up wasting their time with problems that Fedora introduced.
-
I answered most of this in the other thread, but I am aware that anyone can make flatpaks. What I meant is that flatpaks were supposed to make it easier for devs to get their software to end users by allowing them to not have to worry about distro-specific packaging requirements or formats.
But when someone else takes it upon themselves to make broken flatpaks, ones that you've requested they stop doing, now they're making things worse for everyone involved and should be considered a hostile fork and treated as such.
