Can I ignore flatpak indefinitely?
-
I'm admittedly yelling at cloud a bit here, but I like package managers just fine. I don't want to have to have a plurality of software management tools. However, I also don't want to be caught off guard in the future if applications I rely on begin releasing exclusively with flatpak.
I don't develop distributed applications, but Im not understanding how it simplifies dependency management. Isn't it just shifting the work into the app bundle? Stuff still has to be updated or replaced all the time, right?
Don't maintainers have to release new bundles if they contain dependencies with vulnerabilities?
Is it because developers are often using dependencies that are ahead of release versions?
Also, how is it so much better than images for your applications on Docker Hub?
Never say never, I guess, but nothing about flatpak really appeals to my instincts. I really just want to know if it's something I should adopt, or if I can continue to blissfully ignore.
Is it because developers are often using dependencies that are ahead of release versions?
That has been my experience recently. I had the same mindset as you until a critical piece of software I use shat the bed on Arch (LiveCaptions) that affected my being able to watch training videos for work.
Because it was time critical and I didn’t feel like possibly breaking other things for one package, I grabbed the flatpak. It came with its own nvidia driver package (mine was newer) and it worked out of the box without having to mess with anything and that was enough to change my hardline view on that.
Now it’s just another tool to use in an emergency when important things randomly break.
-
Yes. You can always build from source; f need be
Correct, horse_battery_staple
-
I'm admittedly yelling at cloud a bit here, but I like package managers just fine. I don't want to have to have a plurality of software management tools. However, I also don't want to be caught off guard in the future if applications I rely on begin releasing exclusively with flatpak.
I don't develop distributed applications, but Im not understanding how it simplifies dependency management. Isn't it just shifting the work into the app bundle? Stuff still has to be updated or replaced all the time, right?
Don't maintainers have to release new bundles if they contain dependencies with vulnerabilities?
Is it because developers are often using dependencies that are ahead of release versions?
Also, how is it so much better than images for your applications on Docker Hub?
Never say never, I guess, but nothing about flatpak really appeals to my instincts. I really just want to know if it's something I should adopt, or if I can continue to blissfully ignore.
Just as my two cents, as a user - I like flatpaks because I can have up to date versions of certain applications on a more stable Debian base. I also like that application configs all go in one spot (~/.var/app/com.Example.example), and granular permissions management per application.
-
I'm admittedly yelling at cloud a bit here, but I like package managers just fine. I don't want to have to have a plurality of software management tools. However, I also don't want to be caught off guard in the future if applications I rely on begin releasing exclusively with flatpak.
I don't develop distributed applications, but Im not understanding how it simplifies dependency management. Isn't it just shifting the work into the app bundle? Stuff still has to be updated or replaced all the time, right?
Don't maintainers have to release new bundles if they contain dependencies with vulnerabilities?
Is it because developers are often using dependencies that are ahead of release versions?
Also, how is it so much better than images for your applications on Docker Hub?
Never say never, I guess, but nothing about flatpak really appeals to my instincts. I really just want to know if it's something I should adopt, or if I can continue to blissfully ignore.
I might be an exception here, but I really like flatpaks. I like their sandboxed nature and using Flatseal, you can cherry pick the permissions you want to give to a flatpak application. Don't want to give n/w access, boom done, like that. And finally if anything goes wrong, delete the app data and you are fresh to go. Also from a security standpoint, you can grand or deny access to specific directories and most apps don't have root access.
-
I'm admittedly yelling at cloud a bit here, but I like package managers just fine. I don't want to have to have a plurality of software management tools. However, I also don't want to be caught off guard in the future if applications I rely on begin releasing exclusively with flatpak.
I don't develop distributed applications, but Im not understanding how it simplifies dependency management. Isn't it just shifting the work into the app bundle? Stuff still has to be updated or replaced all the time, right?
Don't maintainers have to release new bundles if they contain dependencies with vulnerabilities?
Is it because developers are often using dependencies that are ahead of release versions?
Also, how is it so much better than images for your applications on Docker Hub?
Never say never, I guess, but nothing about flatpak really appeals to my instincts. I really just want to know if it's something I should adopt, or if I can continue to blissfully ignore.
Yes you can. I do. If a software does not offer build instructions, which is rare, I just do not use it.
-
You're just not the target user.
The whole OCI mindset is geared towards absolute noobs like me, and cloud native devs that develop inside containers on a daily basis.
Take me for example. I use Bazzite, it's the first distro I couldn't break. On top of that, flatpaks, appimages and brew are my only options for software. Since Bazzite is an atomic distro (think immutable ) I could also use Distrobox but I don't want to deal with it.
Everything just works for me, I don't care about anything. I broke so many distros before. Sure, I don't control every nut and cranny but I don't want to.
If you know how to not break your stuff then that's great, but I don't, and I don't want to learn that. I just want to learn other things.
Not to be that person, but you aren't restricted to those solutions for software, that's what
rpm-ostreeis there for. It layers applications over your system image and installs software in a similar manner to a "normal" package manager. -
You're just not the target user.
The whole OCI mindset is geared towards absolute noobs like me, and cloud native devs that develop inside containers on a daily basis.
Take me for example. I use Bazzite, it's the first distro I couldn't break. On top of that, flatpaks, appimages and brew are my only options for software. Since Bazzite is an atomic distro (think immutable ) I could also use Distrobox but I don't want to deal with it.
Everything just works for me, I don't care about anything. I broke so many distros before. Sure, I don't control every nut and cranny but I don't want to.
If you know how to not break your stuff then that's great, but I don't, and I don't want to learn that. I just want to learn other things.
I just use it if the package/dependencies aren't available or functional in the default arch repo. I like to be able to turn nuts and bolts but also avoid it when it's inconvenient.
2 package managers is fine for me.
-
I'm admittedly yelling at cloud a bit here, but I like package managers just fine. I don't want to have to have a plurality of software management tools. However, I also don't want to be caught off guard in the future if applications I rely on begin releasing exclusively with flatpak.
I don't develop distributed applications, but Im not understanding how it simplifies dependency management. Isn't it just shifting the work into the app bundle? Stuff still has to be updated or replaced all the time, right?
Don't maintainers have to release new bundles if they contain dependencies with vulnerabilities?
Is it because developers are often using dependencies that are ahead of release versions?
Also, how is it so much better than images for your applications on Docker Hub?
Never say never, I guess, but nothing about flatpak really appeals to my instincts. I really just want to know if it's something I should adopt, or if I can continue to blissfully ignore.
Downsides of distro pacakges:
- someone needs to package an application for each distro
- applications often need to maintain support for multiple versions of some of their dependencies to be able to continue to work on multiple distros
- users of different distros use different versions of the application, creating more support work for upstream
- users of some distros can't use the application at all because there is no package
- adding 3rd party package repos is dangerous; every package effectively gets root access, and in many cases every repo has the ability to replace any distro-provided package by including one with a higher version number. 3rd party repos bring the possibility of breaking your system through malice or incompetence.
Downsides of flatpak:
- application maintainers are responsible for shipping shipping their dependencies, and may not be as competent at shipping security updates as distro security teams
- more disk space is used by applications potentially bringing their own copies of the same dependencies
-
Not to be that person, but you aren't restricted to those solutions for software, that's what
rpm-ostreeis there for. It layers applications over your system image and installs software in a similar manner to a "normal" package manager.I've used it here and there when there is no other option, still no problems yet for the OS itself, but I have run into issues installing certain things, most likely due to my lack of knowledge.
I think I may be giving arch another shot soon as my needs have changed and it was so godamn close to everything I needed.
-
The risk of dependency vulnerabilities is real.
Also, flatpak packages are not digitally signed, unlike apt and all other major Linux distro package managers.
Do you have a resource I can take a look at for what this implies at what it accomplishes?
-
I'm admittedly yelling at cloud a bit here, but I like package managers just fine. I don't want to have to have a plurality of software management tools. However, I also don't want to be caught off guard in the future if applications I rely on begin releasing exclusively with flatpak.
I don't develop distributed applications, but Im not understanding how it simplifies dependency management. Isn't it just shifting the work into the app bundle? Stuff still has to be updated or replaced all the time, right?
Don't maintainers have to release new bundles if they contain dependencies with vulnerabilities?
Is it because developers are often using dependencies that are ahead of release versions?
Also, how is it so much better than images for your applications on Docker Hub?
Never say never, I guess, but nothing about flatpak really appeals to my instincts. I really just want to know if it's something I should adopt, or if I can continue to blissfully ignore.
Can I ignore flatpak indefinitely?
Sure, at least until software you want to use is flatpak only, e.g. Bottles
-
yaysimplifies the AUR installationSimple to me means not having to install some random extra tool and just using
pacmanlike normal. That's why I grumble.Haa understood. In that perspective yes it is not simple. I would also be happy if
pacmanhad better support for AUR.But I have a different perspective on this. I always look for the right or the best tool available to do something. So I'm not that hesitant to use another tool for AUR. I guess it's a personal preference after all.
-
Not to be that person, but you aren't restricted to those solutions for software, that's what
rpm-ostreeis there for. It layers applications over your system image and installs software in a similar manner to a "normal" package manager.rpm-ostree is intended to be the last resort because layering causes issues with updates and other things
-
rpm-ostree is intended to be the last resort because layering causes issues with updates and other things
Sure, I was just saying that you could use it and aren't necessarily restricted to the other options.
-
Can I ignore flatpak indefinitely?
Sure, at least until software you want to use is flatpak only, e.g. Bottles
Or use a stable distro and need a package newer than 2 years.
-
Haa understood. In that perspective yes it is not simple. I would also be happy if
pacmanhad better support for AUR.But I have a different perspective on this. I always look for the right or the best tool available to do something. So I'm not that hesitant to use another tool for AUR. I guess it's a personal preference after all.
You don't have to use an AUR helper, you could build it all with makepkg, but the helper just allows you to save time searching, downloading, and building.
-
I'm admittedly yelling at cloud a bit here, but I like package managers just fine. I don't want to have to have a plurality of software management tools. However, I also don't want to be caught off guard in the future if applications I rely on begin releasing exclusively with flatpak.
I don't develop distributed applications, but Im not understanding how it simplifies dependency management. Isn't it just shifting the work into the app bundle? Stuff still has to be updated or replaced all the time, right?
Don't maintainers have to release new bundles if they contain dependencies with vulnerabilities?
Is it because developers are often using dependencies that are ahead of release versions?
Also, how is it so much better than images for your applications on Docker Hub?
Never say never, I guess, but nothing about flatpak really appeals to my instincts. I really just want to know if it's something I should adopt, or if I can continue to blissfully ignore.
Sure you can! Just run
alias flatpak=snapand you'll be golden.(I'll show myself out...)
-
Downsides of distro pacakges:
- someone needs to package an application for each distro
- applications often need to maintain support for multiple versions of some of their dependencies to be able to continue to work on multiple distros
- users of different distros use different versions of the application, creating more support work for upstream
- users of some distros can't use the application at all because there is no package
- adding 3rd party package repos is dangerous; every package effectively gets root access, and in many cases every repo has the ability to replace any distro-provided package by including one with a higher version number. 3rd party repos bring the possibility of breaking your system through malice or incompetence.
Downsides of flatpak:
- application maintainers are responsible for shipping shipping their dependencies, and may not be as competent at shipping security updates as distro security teams
- more disk space is used by applications potentially bringing their own copies of the same dependencies
Another upside is the easy permission management.
You can revoke network access from your password manager to reduce attack surface; you can revoke camera access from your chat app to prevent accidentaly enabling it; You can restrict an App's file system access to prevent unwanted changes; etc.
It's not yet fit to protect from malicious apps, but it still finds some use.
-
I'm admittedly yelling at cloud a bit here, but I like package managers just fine. I don't want to have to have a plurality of software management tools. However, I also don't want to be caught off guard in the future if applications I rely on begin releasing exclusively with flatpak.
I don't develop distributed applications, but Im not understanding how it simplifies dependency management. Isn't it just shifting the work into the app bundle? Stuff still has to be updated or replaced all the time, right?
Don't maintainers have to release new bundles if they contain dependencies with vulnerabilities?
Is it because developers are often using dependencies that are ahead of release versions?
Also, how is it so much better than images for your applications on Docker Hub?
Never say never, I guess, but nothing about flatpak really appeals to my instincts. I really just want to know if it's something I should adopt, or if I can continue to blissfully ignore.
If your distro provides everything you need then I would avoid flatpak. Getting apps to speak to each other is a pain, updates use more data, backups and restores take much longer, they don't perform as well and config files are not necessarily where you expect them to be.
I have Debian Stable on an older laptop and only install apps as flatpaks if they are not available otherwise. I also have a very new laptop with Fedora on it (because it needs a newer kernel) and have had to install more flatpaks just to make things work properly, because they include their dependencies, codecs etc which are missing in Fedora. Appimages seem to do this too and I find them preferable to flatpak because they integrate more predictably with my system. Apps are slower to launch though and have to be manually updated.
Like you, I'd prefer to just have a package manager and a single source of software and plan to go back to Debian when my newer machine is supported by it.
-
I'm admittedly yelling at cloud a bit here, but I like package managers just fine. I don't want to have to have a plurality of software management tools. However, I also don't want to be caught off guard in the future if applications I rely on begin releasing exclusively with flatpak.
I don't develop distributed applications, but Im not understanding how it simplifies dependency management. Isn't it just shifting the work into the app bundle? Stuff still has to be updated or replaced all the time, right?
Don't maintainers have to release new bundles if they contain dependencies with vulnerabilities?
Is it because developers are often using dependencies that are ahead of release versions?
Also, how is it so much better than images for your applications on Docker Hub?
Never say never, I guess, but nothing about flatpak really appeals to my instincts. I really just want to know if it's something I should adopt, or if I can continue to blissfully ignore.
That's what I do. But then I mostly use Arch or Arch based distros (e.g. EndeavourOS). So I have access to AUR. If something isn't on AUR (very rare, but can happen), I just create the package for it and publish to AUR. I do use some AlmaLinux machines as server. I don't really need many programs outside of the standard repos there since I use them mostly for hosting Docker images. But if I do need to install something like that, I've some self-written LURE install scripts.
