23 Posts
27 Comments
Joined 2 years ago
Cake day: June 14th, 2023

  • Leaflet@lemmy.world (OP) to Linux@lemmy.ml: Fedora OBS Drama Resolved · 41 up / 1 down · 3 days ago

    Fedora aims for FOSS, software unencumbered by patents, and security.

    Flathub explicitly allows proprietary and patented software.

    And since they want upstream apps to publish their apps and not scare them away, security isn’t as strong. Apps are allowed to use EOL runtimes and apps roll their own vendored dependencies. Fedora Flatpaks solve this problem by building all their flatpaks from their distro packages.

  • OBS continued using the EOL runtime because of Qt regressions introduced in the updated KDE runtime. The OBS team decided the security risk of sticking to the EOL runtime was small, so they didn’t update.

    But that still does mean that users were no longer receiving security updates. Ideally, OBS should have moved to the standard Freedesktop runtime and vendored in the older Qt dependency. That way, they would still be receiving security updates for everything in the Freedesktop runtime. Then once the regressions were fixed, they could move to the updated KDE runtime and remove the vendored Qt dependency.

    Overall, the risk OBS had was small. But it demonstrates a larger issue with Flathub, which is that they don’t take security as seriously as Fedora. There are hundreds of flatpaks in Flathub that haven’t been updated in years, using EOL runtimes and vendored dependencies that get no updates.


  • “strict guidelines” are resulting in flatpaks like OBS and Bottles, which are broken and the devs have tried to get them to stop shipping, then I’ll pass on Fedora flatpaks

    That’s fine.

    I criticize Fedora for sneakily (whether intentionally sneaky or not) setting their broken flatpak repo as the default

    It’s not sneakily. Fedora Flatpaks do not have verified badges and in Gnome Software, they show “[Flatpak Icon] Fedora Linux” right under the install button.

    Is this system perfect? No. For example, it still shows “Mozilla Corporation”, but note that this issue also affects Flathub. That line is about the app creator, not the publisher.

    leading to a bunch of confusion by Fedora users that don’t know they’re actually using different, sometimes broken, packages from everyone else.

    Most people get their packages from their distros’ repos. Arch, Linux Mint, Pop!_OS all default to distro repos. The latter two include Flathub, but still prefer debs by default. So most people are using unofficial packages by default that are different from what everyone else is using.

    As for users feeling “tricked”? That’s a difficult thing to say. I would like to say that users should at least know something about the distro they are choosing (i.e. Ubuntu users should know about snap; Fedora/Debian users should know about their stances on FOSS, security, and patents; Arch users should know it’s a DIY distro). But I was once a new user and I remember using Ubuntu for months before learning that their packages aren’t official and about how their repo freezes work.

    The situation could certainly be improved. Fedora could show a slide in Gnome’s Tour screen informing them that Fedora defaults to its own packages, which are not supported by upstream, and about its stances on FOSS.



  • And Fedora Flatpaks are universal, they work on any distro.

    Flatpak by design allows you to install Flatpaks from multiple stores. The fact that snap only allows one store is a common criticism of snap.

    Fedora Flatpaks were created because Fedora has strict guidelines for packages. They must be FOSS, they must not include patented software, and they need to be secure.

    Flathub allows proprietary and patented software, so not all Flathub packages could be preinstalled. And if a Flathub package was preinstalled, it could add proprietary or patented bits without Fedora having a say.

    Flathub packages are also allowed to use EOL runtimes and include vendored dependencies that have security issues. Fedora does not want this. Fedora Flatpaks are built entirely from Fedora RPMs so they get security updates from Fedora repos.


  • I’m not going to deny that he can act aggressively, but his point is still valid. The anti-Rust sentiments of some maintainers have slowed down the upstreaming of Rust into the kernel. It doesn’t make sense to waste people’s time by letting R4L limp along in its current state.

    R4L either needs to be given the go-ahead to get things upstreamed, to the dismay of some Linux maintainers who don’t like Rust, or R4L should be killed and removed from the kernel so we can stop wasting people’s time.

    Personally, I think killing R4L would be a major mistake. Android’s Linux fork with Rust support has been a major success for Google and significantly cut down on vulnerabilities. And the drivers for Apple’s M chips have been surprisingly robust given how new they are and for being reverse engineered.