Don’t like it for one simple reason: no integration with the distribution. Flatpak is this sort universal solution that works, but doesn’t necessarily work hand-in-hand with the distro, unlike package managers.
Perhaps ironically, this is mocking a strawman. Flatpacks can be installed and managed using the terminal! Not only that but Linux-Distros have had graphical package managers for decades.
The primary reason that distros have embraced flatpack / snap / appimage is that they promise to lower the burden of managing software repositories. The primary reason that some users are mad is that these often don’t provide a good experience:
- they are often slower to install/start/run
- they have trouble integrating with the rest of the system (ignoring gtk/qt themes for example)
- they take a lot more space and bandwidth
Theoretically they are also more secure… But reality of that has also been questioned. Fine grained permissions are nice, but bundling libraries makes it hard to know what outdated libraries are running on the systems.
Flatpaks are good, especially compared to snap.
The future is atomic OS’s like silverblue, which will make heavy use of things like flatpak.
Atomic distros are cool, and I’m sure they will only get more popular, but I don’t buy the idea that they’re “The” future. They have their place, but they can’t really completely replace traditional distros. Not every new thing needs to kill everything that came before it.
Having nails driven into my testicles is better than snap. It’s not a high bar.
Haven’t had much opportunity to use snap, what’s the problem with them?
Haven’t had much opportunity to have nails driven into my testicles.
And also the fact that the store backend is proprietary
For me, it’s the unrenameable, unmoveable, non-hidden snap directory in my home directory’s root that doesn’t even follow the naming convention of the other directories in there.
What everyone else has already said, plus sudden updates that nuke active applications.
> plus sudden updates that nuke active applications.This is not what’s supposed to happen. If an app installed through flatpak is active while it’s receiving an update, then the update is not supposed to affect the running application until it’s closed/restarted.Edit: Somehow I didn’t realize the concern was raised against Snap and not Flatpak.
I spent my time fighting AppImages until Canonical started to force Snap on me. I hated Snap so bad it forced me to switch distros. Now I appreciate Flatpak as a result and I don’t find AppImages all that bad, either. Also, I haven’t found myself in dependency-hell nor have I crashed my distro from unofficial Repos in well over a decade.
-It’s a long way of saying It works for me and it’s not Snap.
Appimages are ok, bloated but ok. Unless a library inside is old and won’t work.
Flatpak is annoying and I don’t like it at all, so I don’t use it. Easy solution.
Fuck snap though.
While I wouldn’t want flakpak going deep into the OS I think the advantage of using them on the desktop is obvious. Developers can release to multiple dists from a single build and end users get updates and versions immediately rather than waiting for the dist to update its packages. Plus the ability to lock the software down with sandboxes.
The tradeoff is disk consumption but it’s not really that big of a deal. Flatpaks are layered so apps can share dependencies. e.g. if the app is GNOME it can share the GNOME runtime with other apps and doesn’t need to ship with its own.
deleted by creator
I’ve never heard anyone say that Flatpaks could result in losing access to the terminal.
My only problem with Flatpaks are the lack of digital signature, neither from the repository nor the uploader. Other major package managers do use digital signatures, and Flatpaks should too.
Nah, it’s the same as with systemd, docker, immutable distros etc. Some people just don’t appreciate the added complexity for features they don’t need/use and prefer to opt out. Then the advocates come, take not using their favorite software as a personal insult and make up straw-men to ridicule and argue against. Then the less enlightened of those opting out will get defensive and let themselves get dragged into the argument. 90% that’s the way these flame wars get started and not the other way around.
For the record, I use flatpak on all my desktops, it’s great, and all of the other mentioned things in some capacity, but I get why someone might want to not use them. Let’s not make software choice a tribalism thing please. Love thy neighbor as thyself, unless they use Windows, in which case, kill the bastard. /s
I was just wondering the connection between flatpaks and the terminal because I’ve never heard of flatpaks before and Wikipedia says they’re a sandboxed package management system or something?
As someone who uses Flatpak you can still use the terminal to install, uninstall and do maintenance, not sure why people believe terminal is useless with Flatpak 😞
Flatpaks are containers, same as Snaps, I personally prefer Flatpaks over Snaps, but just my personal choice. I use Flatsweep and Flatseal apps to help administrate Flatpak apps, but use terminal as well 🙂
I’ve no real preference so long as my PC starts stuff. The reason I avoid flatpaks is because I have at some point acquired the habit of anything I install that’s not an appimage I pretty much launch from the terminal and I remember trying flatpaks and them having names like package.package.nameofapp-somethingelse and I can’t keep that in my head.
I’ve actually been discussing the idea of Flatpaks offering “terminal aliases”, similar to what Snaps do, with some people involved in Flatpak. It’s something that could happen in the future, but for now, you can totally create an alias to run a Flatpak from a single word, it’s just a PITA.
?? I manage flatpaks exclusively in the terminal
The issue I have with flatpaks is the size for most applications. It just doesn’t make sense for me. Not that it’s not useful and has it’s purposes.
Flatpaks aim to be a middle ground between dependency hell and “let’s pull in the universe” bloat.
Applications packaged as Flatpaks can reference runtimes to share “bases” with other applications, and then provide their own libraries if they need anything bespoke on top of that.
Former OS security here (I worked at an OS vendor who sold an OS or two and my job involved keeping it secure).
Fuck no.
Sorry if that makes you downvote, but it doesn’t make them safer.
Would you mind elaborating?
A few reasons security people can have to hesitate on Flatpak:
- In comparison to sticking with strictly vetted repos from the big distros like Debian, RHEL, etc., using Flathub and other sources means normalizing installing software that isn’t so strongly vetted. Flathub does at least have a review process but it’s by necessity fairly lax.
- Bundling libraries with an application means you can still be vulnerable to an exploit in some library, even if your OS vendor has already rolled out the fix, because of using Flatpak software that still loads the vulnerable version. The freedesktop runtimes at least help limit the scope of this issue but don’t eliminate it.
- The sandboxing isn’t as secure as many users might expect, which can further encourage installing untrusted software.
By a typical home user’s perspective this probably seems like nothing; in terms of security you’re still usually better off with Flatpak than installing random AUR packages, adding random PPA repos, using AppImage programs, installing a bunch of Steam games, blindly building an unfamiliar project you cloned from github, or running bash scripts you find online. But in many contexts none of that is acceptable.
I thought flatpaks were created to make packaging easier, not to solve all security issues. Still sounds like a win to me.
I mean, they added “bash scripts you find online”, which are only a problem if you don’t look them over or cannot understand them first… Their post is very much cemented in the paranoid camp of security.
Not that they’re wrong. That’s the big thing about security once you go deep enough: the computer has to work for someone, and being able to execute much at all opens up some avenues of abuse. Like securing a web based service. It has to work for someone, so of course everything is still vulnerable at some point. Usually when private keys or passwords are compromised if they’re doing things remotely correctly, but they’re still technically vulnerable at some point.
The parent comment mentions working on security for a paid OS, so looking at the perspective of something like the users of RHEL and SUSE: supply chain “paranoia” absolutely does matter a lot to enterprise users, many of which are bound by contract to specific security standards (especially when governments are involved). I noted that concerns at that level are rather meaningless to home users.
On a personal system, people generally do whatever they need to in order to get the software they want. Those things I listed are very common options for installing software outside of your distro’s repos, and all of them offer less inherent vetting than Flathub while also tampering with your system more substantially. Though most of them at least use system libraries.
they added “bash scripts you find online”, which are only a problem if you don’t look them over or cannot understand them
I would honestly expect that the vast majority of people who see installation steps including
curl [...] | sh(so common that even reputable projects like cargo/rust recommend it) simply run the command as-is without checking the downloaded script, and likewise do the same even if it’ssudo sh. That can still be more or less fine if you trust the vendor/host, its SSL certificate, and your ability to type/copy the domain without error. Even if you look at the script, that might not get you far if it happens to be a self-extracting one unless you also check its payload.
Certainly a fan, and I don’t understand the hate towards it.
Flatpaks are my preferred way of installing Linux apps, unless it is a system package, or something that genuinely requires extensive permissions like a VPN client, or something many other apps depend on like Wine.
The commonly cited issues with Flatpaks are:
- Performance. Honestly, do you even care if your Pomodoro timer app takes up 1 more megabyte of RAM? Do you actually notice?
- Bloat. Oh, yes, an app now takes 20 MB instead of 10 MB. Again, does anybody care?
- Slower and larger updates. Could be an issue for someone on a metered traffic, or with very little time to do updates. Flatpaks update in the background, though, and you typically won’t notice the difference unless you need something newest now (in which case you’ll have to wait an extra minute)
- Having to check permissions. This is a feature, not a bug. For common proponents of privacy and security, Linuxheads grew insanely comfortable granting literally every maintainer full access to their system. Flatpaks intentionally limit apps functionality to what is allowed, and if in some case defaults aren’t good for your use case - just toggle a switch in Flatseal, c’mon, you don’t need any expertise to change it.
What you gain for it? Everything.
- Full control over app’s permissions. Your mail client doesn’t need full system permissions, and neither do your messengers. Hell, even your backup client only needs to access what it backs up.
- All dependencies built in. You’ll never have to face dependency hell, ever, no matter what. And you can be absolutely sure the app is fully featured and you won’t have to look for missing nonessential dependencies.
- Fully distro-agnostic. If something works on my EndeavourOS, it will work on my OpenSUSE Slowroll, and on my Debian 12. And it will be exactly the same thing, same version, same features. It’s beautiful.
- Stability. Flatpaks are sandboxed, so they don’t affect your system and cannot harm it in any way. This is why immutable distros feature Flatpaks as the main application source. Using them with mutable distributions will also greatly enhance stability.
Alternatives?
AppImages don’t need an installation, so they are nice to see what the program is about. But for other uses, they are garbage-tier. Somehow they manage both not to integrate with the system and not be sandboxed, you need manual intervention or additional tools to at least update them/add to application menu, and ultimately, they depend on one file somewhere. This is extremely unreliable and one should likely never use AppImages for anything but “use and delete”.
Snaps…aside from all the controversy about Snap Store being proprietary and Ubuntu shoving snaps down people’s throats, they were just never originally developed with desktop applications in mind. As a result, Snaps are commonly so much slower and bulkier that it actually starts getting very noticeable. Permissions are also way less detailed, meaning you can’t set apps up with minimum permissions for your use case.
This all leaves us with one King:
And it is Flatpak.
Can someone explain why flatpak isn’t necessary for distros that have proper OS dependency management like Arch-based distros or Nix?
Seems like flatpak is solving a problem for OS’s that don’t have proper dependency management.
Flatpak have their own set of issues. One thing is, that Flatpak applications do not integrate that easily and perfect like a native package. Either rights are to given, you need to know what rights are needed and how to set it up. Theming can be an issue, because it uses its own libraries in the Flatpak eco system instead your current distributions theme and desktop environment.
But on the other hand, they have actually a permission system and are a little bit sandbox compared to normal applications. Packages often are distributed quickly and are up to date directly from the developers, and usually are not installed with root rights.
I’m pretty much a CLI guy as well and prefer native packages (Arch based, plus the AUR). But I also use Flatpaks for various reasons, alongside with AppImages.
My favorite part of the linux experience is the FREEDOM, but also being talked down to for not using my freedom correctly, I should only do things a specific way or I might as well just use windows.
About the image: The joke’s on you, I install my flatpaks via the terminal.
I’ve started using flatpaks more after starting using Bazzite and I liked them more than I expected. As a dev, I still need my work tools to be native, but most of my other needs are well covered by flatpaks.
Tip: Flatseal is a great config manager for flatpaks’ permissions.
Installing flatpaks via the terminal is so much faster for some reason, so I always do it that way.
