Follow

Interesting post about Flatpak and how it may not be all it’s cracked up to be...

flatkill.org/2020/

@kev It is interesting, and raises a lot of good points. I can't help but wonder how realistic the arguments are other than marketing. Is it really less safe than native methods (say, .deb, etc) as so many don't keep those patched?

@chris yeah, agreed. My takeaway was that they’re not the magic pill any dress them up to be.

@kev It's trading security for convenience.

Security issues aside, I dislike that an old application can force the requirement for an old runtime to exist while newer ones introduce fresher runtimes.

I hope that distributions maintain their native packaging and don't all go the route of Silverblue and rely on flatpaks for applications.

Hopefully sanity will prevail and a single solution like AppImage will win out but its use should always be optional.

@neildarlow @kev A fact that you might consider interesting: Fedora itself, for example, packages its own distribution packages as flatpak. Means you get the same benefits as the native version have regarding hardening and package version, but also get the Flatpak benefits of possible sandboxing and isolation.

Flatpak and Flathub are not the same and should be considered independently.

@sheogorath I don't think they have a complete packaging of applications as flatpak.

Silverblue, for example, uses RPM-OSTree to manage much of the OS components as RPMs. The number of applications available as flatpak is limited.

I have a Silverblue installation and you need to enable the flathub repository to add even the most commonly-used applications.

@kev

@neildarlow That's correct, they also use OCI container images instead of OSTree images. Also note that flatpak also isn't intended to replace RPMs or other distro packages entirely, but only for non-system/platform Desktop applications. (For example flatpak doesn't intend to be used for GNOME files)

But there is the intend to further go down the flatpak road and package more software distro software as flatpaks.

@kev

@kev Between systemd and Flatpak/Snap crap are going to kill the GNU/Linux as We usually know just because Red Hat and Canonical are competing for who gets the control of the OS. And the most ironical thing is that they want to become like Windows.

@jrballesteros05
...what?
Containerized apps are coming from the server space to help with a problem that's unique to the Linux ecosystem. It has nothing to do with Windows.
Snap and flatpaks are 2013/2014.
systemd has been used by the majority of distributions since what, 2014/2016? Is Linux "as we know it" dead and I didn't get the memo?

@kev

@ghil @kev Snap and Flatpak should be used as alternatives, especially for proprietary apps that dont want to mess with dependencies system, no the definitive solution as Canonical wants. Just see the chromium case in Ubuntu. And with systemd the situation is much worse. I don't like the way they swallow the ecosystem.

@jrballesteros05 @kev And that would be exactly why the old Unixes lost their pitch: Comercial vendors trying to distinguish their systems to the point of incompatibility without regard for the real interests of the users.
Although the good thing this time is that its free software. IMHO the learning here is to simply avoid the comercial vendors.

@kev They make some good points in this article. However... They pass over the universal package factor, which is literally the reason I use Flatpak. Also "containerized" apps, despite the issues they point out, mostly don't have root access, and they stay up to date.

@daver98 yeah, agreed. They definitely have their benefits, I just think that they’re no the magic pill many make them out to be.

@kev fair enough- There's no such thing as a perfect technology. Especially when your talking about the universal packaging formats (I use all 3) everything has advantages and disadvantages.

@kev it seemed like an open version of snap, but now it seems like a half baked devops tool. Thanks for sharing.

Sign in to participate in the conversation
Fosstodon

Fosstodon is an English speaking Mastodon instance that is open to anyone who is interested in technology; particularly free & open source software.