• Limonene@lemmy.world
    ↑ 6 · 3 months ago

    I’ve never heard anyone say that Flatpaks could result in losing access to the terminal.

    My only problem with Flatpaks is the lack of digital signatures, neither from the repository nor the uploader. Other major package managers do use digital signatures, and Flatpaks should too.

    • buttnugget@lemmy.world
      ↑ 1 · 3 months ago

      I was just wondering about the connection between flatpaks and the terminal because I’ve never heard of flatpaks before and Wikipedia says they’re a sandboxed package management system or something?

  • ZWQbpkzl [none/use name]@hexbear.net
    ↑ 2 · 3 months ago

    IDK why you’re being so rage baity. It’s easy to avoid flatpaks if you don’t like them. Only thing I’ve ever found as an obstacle was adding the binaries to my PATH so I can launch it with dmenu_run. Otherwise my package manager works well enough.

    Bonus points: Write a PKGBUILD that installs flatpaks to /opt and symlink out binaries as needed.

  • Lettuce eat lettuce@lemmy.ml
    ↑ 2 · 3 months ago

    Flatpaks are pretty great for getting the latest software without having to have a cutting edge rolling release distro or installing special repos and making sure stuff doesn’t break down the line.

    I use Flatpaks for my software that I need the latest and greatest version of, and my distro’s native package for CLI apps and older software that I don’t care about being super up to date.

    My updater script handles all of it in one action anyways, so no biggie on that either.

    Flatpaks are the best all-in-one solution when compared to Appimages or Snaps imo.

  • corsicanguppy@lemmy.ca
    ↑ 2 · 3 months ago

    Former OS security here (I worked at an OS vendor who sold an OS or two and my job involved keeping it secure).

    Fuck no.

    Sorry if that makes you downvote, but it doesn’t make them safer.

      • zarenki@lemmy.ml
        ↑ 2 · 3 months ago

        A few reasons security people can have to hesitate on Flatpak:

        • In comparison to sticking with strictly vetted repos from the big distros like Debian, RHEL, etc., using Flathub and other sources means normalizing installing software that isn’t so strongly vetted. Flathub does at least have a review process but it’s by necessity fairly lax.
        • Bundling libraries with an application means you can still be vulnerable to an exploit in some library, even if your OS vendor has already rolled out the fix, because of using Flatpak software that still loads the vulnerable version. The freedesktop runtimes at least help limit the scope of this issue but don’t eliminate it.
        • The sandboxing isn’t as secure as many users might expect, which can further encourage installing untrusted software.

        From a typical home user’s perspective this probably seems like nothing; in terms of security you’re still usually better off with Flatpak than installing random AUR packages, adding random PPA repos, using AppImage programs, installing a bunch of Steam games, blindly building an unfamiliar project you cloned from GitHub, or running bash scripts you find online. But in many contexts none of that is acceptable.
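One way to check the sandboxing point in the list above, as an added example (not from the thread or from the Flatpak project): it parses an app's metadata keyfile, the format printed by `flatpak info --show-metadata <app-id>`, and flags grants that open wide holes in the sandbox. The app ID `org.example.Editor`, the sample metadata and the `RISKY` table are constructed for illustration and are not an exhaustive policy.

```python
import configparser

# Constructed sample of a Flatpak metadata keyfile, the format that
# `flatpak info --show-metadata <app-id>` prints; the app ID is hypothetical.
SAMPLE_METADATA = """\
[Application]
name=org.example.Editor

[Context]
shared=network;ipc;
sockets=x11;wayland;pulseaudio;
devices=all;
filesystems=host;xdg-download;

[Session Bus Policy]
org.freedesktop.Flatpak=talk
org.freedesktop.Notifications=talk
"""

# Assumed review table: grants that largely defeat the sandbox, and why.
RISKY = {
    ("filesystems", "host"): "read/write access to most of the host filesystem",
    ("filesystems", "home"): "read/write access to the whole home directory",
    ("devices", "all"): "access to every device node",
    ("sockets", "x11"): "X11 clients can observe other windows and input",
}

def audit(metadata_text):
    """Return a sorted list of (grant, reason) findings for one metadata file."""
    parser = configparser.ConfigParser(delimiters=("=",), interpolation=None)
    parser.optionxform = str  # keep D-Bus names case-sensitive
    parser.read_string(metadata_text)
    findings = []
    if parser.has_section("Context"):
        for key, raw in parser.items("Context"):
            for item in filter(None, raw.split(";")):
                name, _, mode = item.partition(":")  # e.g. "home:ro"
                reason = RISKY.get((key, name))
                if reason:
                    if mode == "ro":
                        reason = reason.replace("read/write", "read-only")
                    findings.append((f"{key}={item}", reason))
    if parser.has_section("Session Bus Policy"):
        for bus_name, policy in parser.items("Session Bus Policy"):
            if bus_name == "org.freedesktop.Flatpak" and policy in ("talk", "own"):
                findings.append((f"{bus_name}={policy}",
                                 "can ask for commands to be run on the host"))
    return sorted(findings)
```

Calling `audit(SAMPLE_METADATA)` returns four findings for the constructed app; an app that only requests `wayland` and `xdg-download` returns an empty list.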

        • eta@feddit.org
          ↑ 0 · 3 months ago

          I thought flatpaks were created to make packaging easier, not to solve all security issues. Still sounds like a win to me.

          • MotoAsh@lemmy.world
            ↑ 0 · 3 months ago

            I mean, they added “bash scripts you find online”, which are only a problem if you don’t look them over or cannot understand them first… Their post is very much cemented in the paranoid camp of security.

            Not that they’re wrong. That’s the big thing about security once you go deep enough: the computer has to work for someone, and being able to execute much at all opens up some avenues of abuse. Like securing a web based service. It has to work for someone, so of course everything is still vulnerable at some point. Usually when private keys or passwords are compromised if they’re doing things remotely correctly, but they’re still technically vulnerable at some point.

            • zarenki@lemmy.ml
              ↑ 1 · 3 months ago

              The parent comment mentions working on security for a paid OS, so looking at the perspective of something like the users of RHEL and SUSE: supply chain “paranoia” absolutely does matter a lot to enterprise users, many of which are bound by contract to specific security standards (especially when governments are involved). I noted that concerns at that level are rather meaningless to home users.

              On a personal system, people generally do whatever they need to in order to get the software they want. Those things I listed are very common options for installing software outside of your distro’s repos, and all of them offer less inherent vetting than Flathub while also tampering with your system more substantially. Though most of them at least use system libraries.

              > they added “bash scripts you find online”, which are only a problem if you don’t look them over or cannot understand them

              I would honestly expect that the vast majority of people who see installation steps including curl [...] | sh (so common that even reputable projects like cargo/rust recommend it) simply run the command as-is without checking the downloaded script, and likewise do the same even if it’s sudo sh. That can still be more or less fine if you trust the vendor/host, its SSL certificate, and your ability to type/copy the domain without error. Even if you look at the script, that might not get you far if it happens to be a self-extracting one unless you also check its payload.

  • ipkpjersi@lemmy.ml
    ↑ 1 · edited · 3 months ago

    I’m not a huge fan of Flatpaks, they’re a lot harder to distribute offline versus something like AppImage. Seriously, you have to like create an offline repository, then create a bundle, and it’s like 6 or 7 steps, it’s honestly kind of ridiculous lol but other than that they seem fine, and they’re easy enough to update (but so are apt packages)

    I know some people may say “oh why do you need that”, but Linux has taught me that my computer is my own, and I should be able to use it the way I want to. I shouldn’t have to fight with my package manager to get it to do what I want. So I guess you could say, no I’m not really a fan of Flatpaks.

    Personally, I didn’t mind Snaps, but I’m getting kind of really fed up with especially for-profit companies etc so I don’t like Snap that much now either.

    Apt packages are nice, but the more of them you have installed, especially if you’re using Ubuntu-based distros and have lots of PPAs, the more annoying upgrading your distro version can be because of all the dependencies and cross-dependencies.

    AppImage tends to just work for me, as long as it’s not compiled with a newer libc-bin version than the distro I’m currently using has, and I really enjoy that it’s just one file I can copy and run pretty much anywhere.

    • Crozekiel@lemmy.zip
      ↑ 1 · 3 months ago

      I seem to have constant issues with AppImages. Every single one I have currently won’t open. I get an error message relating to either Qt or GTK. Tried searching for the error and get a bunch of old forum threads talking about either not being compatible with Wayland at all, or comments stating that the one specific AppImage in question must have been “packaged badly”. Thankfully, nothing ‘mission critical’ for me is an AppImage currently, but it is quite upsetting that I have the most problems with the supposed “just works” app packaging/distribution option.

  • SpiceDealer@lemmy.dbzer0.com
    ↑ 1 · edited · 3 months ago

    It’s a neat concept. The distro-agnostic aspect is definitely a plus for some people but I still prefer distro-specific installation methods. The only time I would seek out the Flatpak version of a particular software is when it’s the only version available.

  • MystValkyrie@lemmy.blahaj.zone
    ↑ 1 · edited · 3 months ago

    There were a few years where I pretty much only used Flatpaks because I was scared of the terminal. But now that I’ve learned how to use the terminal, it’s so much more convenient because I can quickly update all my applications all in one place without having to open a separate app. Plus, some Flatpaks can fall really behind on software updates.

    There might be a Linux userbase someday where no one other than developers actually knows how to use the terminal, because users can run everything they want without a command line, but maybe that’s actually a good thing because it’ll drive up how many people use a Linux distro.

    With Windows and Mac, there’s a shareholder incentive to enshittify. With Linux, if a distro goes bad and gets commercialized, there’s always another distro people can move to, not to mention there’s no financial incentive. The more people get on Linux, the less power these tech companies have. Personally, that and privacy are what drew me to Linux much more so than being able to tinker or fine-tune my experience.

    • otacon239@lemmy.world
      ↑ 1 · 3 months ago

      > There might be a Linux userbase someday where no one other than developers actually knows how to use the terminal, because users can run everything they want without a command line

      Ideally, all the essential terminal commands could be replicated in a user-friendly GUI-applicable manner. Don’t ever have to remove the terminal for those that enjoy it, but if we could have a magic world where even the failure states could be navigated with little to no prior knowledge required and it gets everyone away from Windows and Mac for good, I’m all for it.

  • NauticalNoodle@lemmy.ml
    ↑ 1 · edited · 3 months ago

    I spent my time fighting AppImages until Canonical started to force Snap on me. I hated Snap so bad it forced me to switch distros. Now I appreciate Flatpak as a result and I don’t find AppImages all that bad, either. Also, I haven’t found myself in dependency-hell nor have I crashed my distro from unofficial Repos in well over a decade.

    - It’s a long way of saying it works for me and it’s not Snap.

  • AndrewZabar@lemmy.world
    ↑ 1 · 3 months ago

    I don’t really care about all these different things, as long as none of them become a crazy confusing mess, like Windows DLLs.

  • chicken@lemmy.dbzer0.com
    ↑ 1 · 3 months ago

    When I open my task manager I see flatpak-session-helper near the top of the list for ram usage and am suspicious

  • beleza pura@lemmy.eco.br
    ↑ 1 · 3 months ago

    flatpaks are fine and useful, i just wish we didn’t move into a scenario where applications that used to be easily available in distro repos start moving away from them and are only available through flatpaks. distro packages are just so much more efficient in every way. flatpaks are easier on maintainers and developers but that comes at a cost to the user. i have about a dozen or less flatpak apps installed and already i have to download at least 2 gigs of updates each week. i run debian

  • Paddy66@lemmy.ml
    ↑ 1 · 3 months ago

    As long as software is available in the Software Manager to be installed that way… I don’t care what format it’s in.

    But don’t make normies go to the terminal. It’s inhumane, and really does not help the masses get away from big tech - which is a worthier goal than keeping your software terminal-only.

  • Ardens@lemmy.ml
    ↑ 1 · 3 months ago

    Not a fan. There’s often trouble, and some settings are a hassle, and sometimes not even working.