Flatpak and Snaps are a great step forward for Linux packaging and usability.<p>I think there's a vocal segment of the Linux community that doesn't understand what a major roadblock it is for the general user having different distributions having completely different ways of packaging, distributing, and updating applications. Don't worry, no one's taking away your apt-get, pacman, rpm, eopkg, makefiles, etc.
Ready to ruin the security of Linux, you mean. The split between package vendor and package maintainer has classically been the primary reason for malware being rare on Linux. Getting maintainers out of the loop for auditing packages, ensuring security updates go out, etc - is an <i>awful</i> idea. Sandboxing applications is great, but it can be done without subverting the package manager.
The tone of the comments on news like this never fails to disappoint me. Sigh.<p>The Snap store so vastly improves my user experience of using common apps I switched from Arch Linux (where 50% of the programs I had installed came from the AUR) to Ubuntu, where everything I needed was just <i>there</i>. No longer do I need to run weird scripts from the internet to get simple stuff to run on my non-standard distro (which could be Arch, Fedora, or whatever I am running at the time).<p>You can hold the position that these things are a big security risk. Distributing monolithic packages with likely old/vulnerable dependencies is not a great idea. But on the other hand, it prevents asking the user to run random scripts (which in many cases are <i>not</i> vendor provided) as root to get their software, and it gives the user integrated automatic updates and other software center integration (as opposed to downloading random stuff from the internet). In terms of increased security through sheer usability and requiring less manual maintenance, the advantages of Snaps and Flatpak add up, I think. Many things in security are a tradeoff, and I feel that <i>getting the user to do the right thing</i> is often extremely undervalued. I think it is also undervalued in these comments.<p>Flatpak and Snaps still have a lot of problems. Why do we have two competing standards? Why can't I properly get all Snaps running on Fedora or other platforms that use SELinux [rhetorical question - I know the technical reasons]? Why do so many apps not use their sandboxing effectively? Why is it so hard for these things to respect my computer's theme? The list goes on.<p>The list of problems is long and valid. But I think it's worthy of some celebration that advancements are being made in making desktop Linux usable for users and popular for developers. And I don't think it's clear at all that this is a regression in terms of security.
I like to run a pretty lean system, and flatpak gives me the ability to install some of the bloatier packages without the deep system dependencies they bring with them in a package manager.<p>Installing a PDF reader should not forcibly install Udisks2 and upower.<p>A lot of commenters are upset that maintainers are being removed from the equation. Can't each distro just set up their own maintained repository? If I understand correctly, there's nothing about flatpak that actually prevents traditional maintaining. The only thing distros have to do is integrate flatpak, set up their own repository as default, and note that user should use other repositories at their own risk. Which is basically how things already work.<p>Is there a valid reason to hate flatpak itself, or are you all just too caught up in hating change to actually evaluate it?
I've been using the Slack, GIMP, and Darktable flatpaks on Fedora Workstation (which is GNOME based), available on flathub.org, for quite a while, maybe a year - without problems. I also sometimes use Okular which is a KDE app, and by installing it, the necessary kde.Platform runtime libraries were also installed and kept up to date by flatpak - works flawlessly. There's also a LibreOffice flatpak I have installed, and it seems like the flatpak update "deltas" are smaller than RPM updates, by quite a bit.<p>I haven't used the feature yet, but supposedly there's a means of easily rolling back to a previous version in case an update has a bug the user can't work around. Rolling back RPM's can be non-trivial when there are many dependencies - it's way easier for me to do rollbacks of an RPM only based system by Btrfs snapshots which of course not everyone can depend on just for undoing an application update.<p>So I'd say this is definitely an improvement from a user perspective; and it seems no more painful and perhaps a little less painful for packagers.
I dont know but if i just compare <a href="https://snapcraft.io/store" rel="nofollow">https://snapcraft.io/store</a> and <a href="https://flathub.org" rel="nofollow">https://flathub.org</a> ... I see that snap packages have a lot more adoption by big name vendors.
My first impressions of Flatpak have been positive, with a few caveats.<p>As an end-user, I want my apps to be getting regular, automatic updates, which means it's vital to get them from some kind of official repo. I sympathize with the one-man developer who just wrote some cool little Electron app that he designed to be cross-platform and promptly gets bombarded by requests from his 10% Linux userbase that wants the app to be packaged for Debian/Ubuntu/Fedora/SuSE/Arch repos. I get it, I've <i>been</i> that annoying guy[0].<p>So to that end, packaging once as a Flatpak and working everywhere has been great. A handful of those pesky apps I used to have to regularly check for new RPM releases are now on flathub and I can update them automatically.<p>With that said, flatpak support is still spotty. DNF doesn't support flatpak yet, so I had to install GNOME Software on my Cinnamon DE just to be able to easily support and update them. There's also the issue of the greatly inflated installation sizes. I'm hopeful that support will get better soon now that it's finally at 1.0.<p>[0]<a href="https://github.com/MarshallOfSound/Google-Play-Music-Desktop-Player-UNOFFICIAL-/issues/2567" rel="nofollow">https://github.com/MarshallOfSound/Google-Play-Music-Desktop...</a>
Flatpak works much better for me on Ubuntu 18.04 with vanilla Gnome on Wayland: the Snap packages don't appear in the Gnome menu (until you launch an X session) and some Snap packages don't work at all on Wayland.
Also, Spotify is updated much more often on Flatpak hub than on Snap.
I dont understand the point of this - why is this any better than apt? Based off the top comment here this is meant to be much more user-friendly, but already installing on Ubuntu didnt work properly despite following Flatpak's own guide. And the install process for apps is then basically the same as apt. I dont get it
I would be curious to know what the differences between snap and flatpak are? Is this just a "flatpak is for RHEL, snap is for debian" situation, or is there something more to it? Just curious.
Packaging was a solved issue in Linux, congrats on the 3 steps back.<p>The rush towards containers because they're "easy" strikes yet again.<p>My fear is that the handful of companies that build packages for their desktop apps with abandon them and move to Flatpak/Snap. From the Flatpak docs it looks like anyone and everyone can just get access, even if you don't own the thing you're packaging. So if you pack $newpopularsoftware first you can now install malware on everyone's computers with a single push.<p>It's like they looked at everything bad about Chocolatey/NPM/pip/AUR and just ran with it.
I know snap makes it hard if I want to modify something inside the package even as root (so it's close to the UWP nightmare). Is flatpack any different?