this post was submitted on 10 Jun 2024
12 points (57.7% liked)
Linux
48077 readers
771 users here now
From Wikipedia, the free encyclopedia
Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).
Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.
Rules
- Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.
- No misinformation
- No NSFW content
- No hate speech, bigotry, etc
Related Communities
Community icon by Alpár-Etele Méder, licensed under CC BY 3.0
founded 5 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Not for everyone, no. For me, each supposed pro has a corresponding con or is just a no-op:
Only one package for all distros: Despite what people think, this does not lower the amount of work for the program's creator, who was never required to create any sort of binary package at all. Furthermore, it means that fewer people are checking the package for faults—that's part of what distro maintainers do, y'know.
No external dependencies: Not only does this cause disk bloat, but it means that if the flatpak is no longer updated, the dependencies packaged inside it may not be either . . . which is one of the issues that dynamic linking was supposed to avoid in the first place. Might as well just go old-school and statically link the binary.
Installations at user rather than system level: Only of value if I don't have admin authority, and I don't have to deal with a single system where that's the case, so this is a no-op.
Supposedly more rapid updates: I'm running Gentoo, not Debian ~~fossil~~ :cough: oldstable. If I really want to, I can have my package manager install direct pulls from source control for many packages. New changes every day—beat that, flatpak. Plus, unless there's been a substantial change to a package's build method, I can bump actual releases myself just by copying and renaming a small file, then running a couple of commands.
Sandboxing: As far as I'm concerned, the amount of security added by sandboxing and the amount of security added by the additional scrutiny from the distro maintainers is probably about even (especially since the sandbox, as a non-trivial piece of software, will inevitably contain bugs). And I can can throw firejail on top if I'm worried about something specific (or run it in a VM if I'm really nervous). I can understand why this might be attractive to some people, but for me the weight is very low.
.
So I'm left with avoiding bloat and bugs in flatpak's system integration vs. a little bit of security gained by additional sandboxing (which I don't think I really need, because I'm only mid-level paranoid). Thus, I'm not interested in complexifying my update process by incorporating flatpak into my system. Others' needs may be different.