Flatpak Is Not the Future

To be fair, as a daily user and (to some extent) app developer, in my experience Flatpaks have solved the problem of library fragmentation and app distribution on Linux.<p>While my experience on Snaps was mostly negative (due to bugs, virtual &quot;loop disks&quot; per every app affecting the system performance, etc.), I found that Flatpak finally lets me install essentially any app on any distro.<p>For example, the Elementary OS &quot;AppCenter&quot; apps are now available in any other distribution, thanks to the Flatpak remote. Testing daily GNOME apps has become as easy as installing their Flatpak reference, and letting them update automatically.<p>Regarding memory, storage and power consumption:<p>- The base runtimes (which are the heaviest bit) are downloaded only once per system, e.g., one for the KDE Plasma ecosystem, one for Elementary, and so on. The first app you install will pull them, so I do not see it as much more bloaty than having an enormous bundle of system-wide dependencies (e.g. if you install a KDE app in a primarily GNOME environment) as would happen otherwise.<p>- Memory and CPU-wise, Flatpaks are very light containers (which do not require loop disks, or anything else) which should have almost no overhead. I never witnessed any loss of performance, at least.<p>- Bug and crash-wise, I experienced a tremendously stable and &quot;flat&quot; experience on Flatpaks. That is, if there is a bug in one app on one distribution, the bug will exist on all, or vice versa. This is not as common as it should be in containerized app install tools, and makes debugging overall much easier.<p>The only drawback are updates taking longer than on other platforms, probably because compressed deltas are not yet available unlike in other major package managers.<p>With this, I don&#x27;t want to describe Flatpak as a panacea in everything, but at least for GUI apps, it solved a <i>lot</i> of distribution fragmentation issues in my case.

I agree with all of this and... I just don&#x27;t care.<p>I download a Flatpak from the Pop OS store and it works. It installs only in my profile, so another user on the same machine doesn&#x27;t have access. You can&#x27;t do that with a .deb!<p>I&#x27;ve never got into dependency hell where I need to apt-get a specific version of a library from a dodgy PPA.<p>If I uninstall it, Flatpak doesn&#x27;t leave acres of cruft strewn around my disk.<p>I don&#x27;t see how randomly installing a Flatpak is any worse for security than compiling the source myself. The permission model on Linux is far worse than Android - so I just hope for the best anyway.<p>Snaps never worked right for me - and seemed to frequently break. But all my Flatpaks have run fine and at full speed.<p>Does it take up more disk space? Sure. But that&#x27;s a trade-off I&#x27;m willing to make in order to just download and run with no extra work.<p>Sure, there are some efficiency and security gains to be made. But I&#x27;m much happier with a Flatpak world than the alternative.

There is a deep trend happening in software development.<p>As the number of dependencies for building an application grows, it becomes exponentially harder to shake the tree. This used to be the role of Linux distributions, they were acting as a push-back force, asking projects to support multiple versions of C libraries. This was acceptable because there is not C package manager.<p>Now that each language has their own package manager, the role of distributions have faded. They are even viewed as a form of nuisance by some developers. It&#x27;s easier to support one fixed set of dependencies and not have to worry about backward-compatibility. This is something all distributions have been struggling with for a while now, especially with NodeJS.<p>This trend is happening on all platforms, but is more pronounced in Linux because of the diversity of the system libraries ecosystem. On Windows and macOS, there are some SDKs the application can lean on. On Linux, the only stable &quot;SDK&quot; is the Linux kernel API.

People have tried to provide a packaging format that would allow apps to declare their depencies in a distribution neutral manner[1]. It was, uh, not a huge success.<p>Let&#x27;s take an extreme example. If I build an app on Ubuntu and then try to run it against the system libraries on Alpine, it&#x27;ll fail, because Alpine is built against a different libc. We can simply declare Alpine out of scope and only support glibc based distributions, but if we want good cross-distribution support we&#x27;re still going to be limited to what&#x27;s shipping in the oldest supported version of RHEL. So let&#x27;s skip that problem by declaring LTS distros out of scope and only target things shipped in the last 3 years - and now apps can&#x27;t target any functionality newer than 3 years old, or alternatively have to declare a complicated support matrix of distributions that they&#x27;ll work with, which kind of misses the point of portability.<p>In an ideal world distributions would provide a consistent runtime that had all the functionality apps needed, but we&#x27;ve spent the past 20 years failing to do that and there&#x27;s no reason to believe we&#x27;re suddenly going to get better at it now. The Flatpak approach of shipping runtimes isn&#x27;t aesthetically pleasing, but it solves the problem in a way that&#x27;s realistically achievable rather than one that&#x27;s technically plausible but socially utterly impossible.<p>Flatpak is a pragmatic solution for an imperfect world - just like most good engineering is.<p>Edit to add: one of the other complexities is that dependencies aren&#x27;t as easy to express as you&#x27;d like. You can&#x27;t just declare a dependency on a library SONAME - the binary may rely on symbols that were introduced in later minor versions. But you then have to take into account that a distribution may have backported something that added that symbol to an older version, and the logical conclusion is that you have to expose every symbol you require in the dependencies and then have the distribution resolve those into appropriate binary package dependencies, and that metadata simply doesn&#x27;t exist in every distribution.<p>[1] <a href="http:&#x2F;&#x2F;refspecs.linux-foundation.org&#x2F;LSB_4.1.0&#x2F;LSB-Core-generic&#x2F;LSB-Core-generic&#x2F;packagefmt.html" rel="nofollow">http:&#x2F;&#x2F;refspecs.linux-foundation.org&#x2F;LSB_4.1.0&#x2F;LSB-Core-gene...</a>

The short (but polite) rebuttal to this is - OSX. DMG files are similar sized and proven to be very successful.<p>For e.g. - firefox (<a href="https:&#x2F;&#x2F;www.mozilla.org&#x2F;en-US&#x2F;firefox&#x2F;all&#x2F;#product-desktop-release" rel="nofollow">https:&#x2F;&#x2F;www.mozilla.org&#x2F;en-US&#x2F;firefox&#x2F;all&#x2F;#product-desktop-r...</a>). Win64 installer is 50mb. MacOS installer is 130mb. Linux 64-bit is 70mb.<p>Same is the case with Chrome - <a href="https:&#x2F;&#x2F;chromeenterprise.google&#x2F;intl&#x2F;en_US&#x2F;browser&#x2F;download&#x2F;#mac-tab" rel="nofollow">https:&#x2F;&#x2F;chromeenterprise.google&#x2F;intl&#x2F;en_US&#x2F;browser&#x2F;download&#x2F;...</a> . Windows MSI is 79mb. OSX PKG for the same is 195mb.<p>So by that measure - OSX has already lost right ? The entire package-everything-together has won in probably one of the largest OS ecosystem that exists today. Size does not matter... mom-proof experience does matter.<p>&gt;<i>How much progress could we make if Steam deprecated their runtimes, abandoned containerization for new games, and let all new games just use the native system libraries? How loudly do you think gamers would complain if a distribution upgrade broke their favourite game?</i><p>This OTOH does not exist. Linux gamers are 1% of either the gaming market or the desktop computing market. All gamers either dual boot windows...or android. Even for those who game on Linux, they do it on an abstraction layer like Wine. Which is what Valve maintains - <a href="https:&#x2F;&#x2F;github.com&#x2F;ValveSoftware&#x2F;wine" rel="nofollow">https:&#x2F;&#x2F;github.com&#x2F;ValveSoftware&#x2F;wine</a> and <a href="https:&#x2F;&#x2F;github.com&#x2F;ValveSoftware&#x2F;Proton" rel="nofollow">https:&#x2F;&#x2F;github.com&#x2F;ValveSoftware&#x2F;Proton</a><p>Valve only needs to maintain wine &amp; proton for a distribution. The games themselves ? well, they are windows only. Nobody compiles for Linux.

My experience with these is terrible. I install a JetBrains IDE via a package. I spent a very long time trying to debug a CMake problem that I assumed was my inexperience with CMake. After attacking various processes with strace, it dawned on me that the problems were caused by the IDE not being able to see files in &#x2F;usr&#x2F;local. A sandboxed dev environment! Lost for words... A relatively inexperienced dev would have a terrible time with such a thing - it couldn&#x27;t even see dev headers &amp; libs installed with apt.

My main complaint about solutions, like Flatpak or Snap, is that they add another package manager. Now I have to manage two sets of packages.<p>The baseline tools, like all the GNU standard Unix tools, and other command line tools are still managed by DNF, APT, whatever, and then another set of apps are managed by Snap. It&#x27;s pretty confusing, especially if you never use the &quot;app stores&quot; otherwise. You quickly end up with: apt install &lt;some command line tool&gt; and apt install gimp, but now that&#x27;s a different Gimp than the one in App Store. You also can&#x27;t really remove Gimp from apt, because it&#x27;s weird that apt can&#x27;t install everything.<p>I haven&#x27;t really used Flatpaks, but Snaps is confusing (to me at least), because it&#x27;s doesn&#x27;t actually replace APT and pollute the output of &quot;df&quot; and &quot;mount&quot;.<p>I&#x27;m also concerned that some packages will never be updated, or stuck on a library with security issues. Perhaps that me, but I&#x27;d rather that that one application breaks.

&gt; If I ship an app for Windows I don’t have to include the entire Win32 or .NET runtimes with my app.<p>That&#x27;s not the case anymore. If you&#x27;re aiming higher than .net framework 4.x, you have the option of either self-contained package (your app + .net core - min 70MB - appimage approach), or framework dependent (requires .net version at installation - flatpak approach).<p>I find the &quot;things are not shared&quot; section a bit weird though. Yes, not everything uses the same base and that&#x27;s sad. But I&#x27;ve got 8 flatpak apps and 7 of them do share the runtime. We&#x27;ll never get 100% unified and deduplicated approach here - in the same way we&#x27;ll never unify Gtk&#x2F;qt&#x2F;tk&#x2F;wx&#x2F;...<p>&gt; Flatpak allows apps to declare that they need full access to your filesystem or your home folder, yet graphical software stores still claim such apps are sandboxed.<p>Yes, distros really need to start talking about permissions &#x2F; capabilities rather than some generic &quot;sandbox&quot;. Some apps need to effectively read the whole disk. But maybe they don&#x27;t need to write to home. Or maybe they don&#x27;t need internet access. We&#x27;ll have to get mobile-phone-like permission descriptions at some point, because a single label just doesn&#x27;t describe the reality.

Flatpak is the future of Linux desktop applications for so many reasons, but among them it allows users not to be caught up in the dependancy mess that plagues Linux distributions. Some of the criticism here does not belong to Flatpak. E.g Fedora&#x27;s weird duplication of repositories is exclusively a Fedora problem. Has absolutely nothing to do with Flatpak.<p>Applications such as VLC and GIMP which &#x27;ship&#x27; with access to whole filesystem permission is an eternal dilemma. Would you rather the authors ship without access to this permission and break app functionality ? Or let them ship with restrictive permission and allow users to manually enable respective permissions to regain function when the software breaks? It is easy to see the feasible decision here that works for all parties here. The permission on the different accessibility store however has confusing labels on sandboxing, I agree with the point that the store should make this as clear as possible.<p>I think the bigger point the article misses is the ability to control these permissions at this level. Even if the software author ships &#x27;dangerous&#x27; default permissions, the user can always revert this decision and sandbox it effectively if they so wish.<p>Flatpak is a crucial needed fix for the Linux package distribution problems highlighted elaborately by this article but in my humble assessment, the benefits to this solution massively outweigh the nuances such as the one the author mentioned about package sizes.

&gt; How much progress could we make if Steam deprecated their runtimes, abandoned containerization for new games, and let all new games just use the native system libraries? How loudly do you think gamers would complain if a distribution upgrade broke their favourite game?<p>If the steam runtime didn&#x27;t exist, most gamedevs would only target the most popular distro - probably the current Ubuntu LTS, and you would have to recreate the runtime on your distro of choice.<p>And once there&#x27;s a new Ubuntu release you would also have to recreate it there (or the game updates and now you&#x27;ll have to recreate it on the now-old version).<p>The choice isn&#x27;t between steam runtime and a utopia, the choice is between the steam runtime and something much <i>worse</i>. Linux libraries simply aren&#x27;t stable enough in API and ABI.

<p><pre><code> If you are a Linux distribution maintainer, please understand what all of these solutions are trying to accomplish. All your hard work in building your software repository, maintaining your libraries, testing countless system configurations, designing a consistent user experience… they are trying to throw all of that away. Every single one of these runtime packaging mechanisms is trying to subvert the operating system, replacing as much as they can with their own. Why would you support this? </code></pre> Uh, because User Freedom™? Or are we supposed to consume Linux applications exclusively via the maintainer-supplied packages? Also, is this part: &quot;testing countless system configurations, designing a consistent user experience&quot;, ― something that actually happens? Given the example in this very article about Fedora going to auto-convert all its rpm packages to Flatpak it sounds, as the youth says nowadays, &quot;kinda sus&quot;.

The most important takeaway from this is, to me, the need to separate sandboxing from dependency management.<p>However, as can be seen with AppImage, which seems to be strictly focused on dependency management, that results in bloat.<p>It would be great if we could have a sandboxing solution that ignores the dependency management altogether.<p>The problem is not with Flatpak or Snaps (or Docker). The problem is that the fragmentation in the actual, live-deployed Linux system runtime is huge. At one point, I know Canonical suggested a common, shared baseline for all LTS editions of all distributions at some point, but there was no interest from Red Hat in particular (the other &quot;largest&quot; player). It&#x27;s not too surprising, since Red Hat is the biggest contributor to the base GNU&#x2F;Linux system, so it can decide how it deals with it and push it onto others.<p>Backwards compatibility is hard in software in general, but I think simple extensions of tools like apt and apt archives (like Launchpad PPAs) would have allowed binary distribution of software in an already familiar way where dependency management is not a solved problem per se, but has all the familiar gotchas.<p>As for app stores, that&#x27;s surely an effort to extract some profits, but it&#x27;s also what big customers are asking for for their IoT solutions.

As Linux user and app developer (shameless plug <a href="https:&#x2F;&#x2F;github.com&#x2F;olegantonyan&#x2F;mpz&#x2F;" rel="nofollow">https:&#x2F;&#x2F;github.com&#x2F;olegantonyan&#x2F;mpz&#x2F;</a>) I deliberately avoid snap&#x2F;flatpak&#x2F;appimage&#x2F;etc.<p>Instead, I suffer with Open Build Service <a href="https:&#x2F;&#x2F;build.opensuse.org&#x2F;" rel="nofollow">https:&#x2F;&#x2F;build.opensuse.org&#x2F;</a>. It&#x27;s kind of cool, free and can build for multiple distros, but making it actually do so is a pain. But I still prefer this over flatpak&amp;co both as user and as developer.<p>It just doesn&#x27;t look like &quot;the future of application distribution&quot;, <a href="https:&#x2F;&#x2F;nixos.org&#x2F;" rel="nofollow">https:&#x2F;&#x2F;nixos.org&#x2F;</a> does.

The article bashes Flatpak portals as complex but otherwise doesn&#x27;t make any solid arguments against them. That&#x27;s important because it&#x27;s easily the most important remaining problem to solve to get an effective sandbox.<p>I actually like that for apps that have no business reading any files on my system they simply cannot do so. Sure, you can point to apps like GIMP and such that have chosen to give access to the file system by default to make it easier for users while portals get polished. If that bothers you then simply use Flatseal to change those permissions. Meanwhile apps like Spotify are entirely restricted from accessing any of my filesystem. Likewise Discord can only access files from a specific directory or a youtube-dl style tool like VideoDownloader also cannot access any of my files and always includes the latest version of ffmpeg and youtube-dl regardless of distro politics.

I agree that the implementation is lacking. Snap has the abysmally named &quot;--classic&quot; parameter to allow installs to &quot;run without confinement&quot;. Flatpak can request permission changes at install time (albeit declaring them), where users are likely to just click OK&#x2F;OK&#x2F;OK. The sandboxing needs to be tightened up.<p>Flathub is a strange beast. There&#x27;s no mention of security on their wiki. They stopped publishing minutes (or moved them elsewhere?) in 2017 (<a href="https:&#x2F;&#x2F;github.com&#x2F;flathub&#x2F;flathub&#x2F;wiki" rel="nofollow">https:&#x2F;&#x2F;github.com&#x2F;flathub&#x2F;flathub&#x2F;wiki</a>). They have a buildbot for automated updates from developers, but they accept binaries anyway (e.g. <a href="https:&#x2F;&#x2F;github.com&#x2F;flathub&#x2F;us.zoom.Zoom&#x2F;blob&#x2F;master&#x2F;us.zoom.Zoom.json" rel="nofollow">https:&#x2F;&#x2F;github.com&#x2F;flathub&#x2F;us.zoom.Zoom&#x2F;blob&#x2F;master&#x2F;us.zoom....</a>), so what&#x27;s the point? It appears to be a fairly amateur effort, and yet is at the center of the infrastructure Red Hat and Gnome are pushing. I&#x27;d love to see some white hat activity targeted at compromising it, to demonstrate the shaky foundations.<p>But on the other hand, it&#x27;s nice that I can run Zoom sandboxed (apparently - it&#x27;s not obvious what the granted permissions are: <a href="https:&#x2F;&#x2F;www.flathub.org&#x2F;apps&#x2F;details&#x2F;us.zoom.Zoom" rel="nofollow">https:&#x2F;&#x2F;www.flathub.org&#x2F;apps&#x2F;details&#x2F;us.zoom.Zoom</a>). It&#x27;s nice that Jetbrains and Zoom have a way to publish apps that can run on all distros. It&#x27;s nice that I could rollback a version of IntelliJ that was buggy with a single snap command that took 5 seconds. The goals are good.<p>I wish Linus took more of a BDFL approach to the desktop occasionally. Ubuntu &amp; Red Hat need to sit down in a room and have a constructive conversation to converge Snap and Flatpak into something new, deprecating the infrastructure built to date, and fixing some of the glaring problems. There&#x27;s room for both to make money without further diverging the ecosystem.

Meh... i used to install tarballz, hunting for .so files, then RPMs hunting dealing with circular RPM dependencies, then DEBs dealing with unmet dependencies. As I age all that got boring. I hate Snaps because of how intrusive is with the system.<p>Flatpak brings Linux to what OSX had like 10 years ago. It just works<p>Regarding download size? Even I, living in a third world country, have an internet connection good enough to not care about download sizes...<p>Regarding file redundancy. If that is much of a problem for anyone, I&#x27;m sure that could be dealt with at the file system layer: hash&#x2F;detect duplicate files and compact them, then copy on write. Personally, HDD space hasn&#x27;t been an issue for me on PC or laptops in a long time.<p>Flatpak finally just work and we have the technology to make it usable. Moreover I argue that flatpak IS the future as those 2 previous points will become more irrelevant as time goes by.

Unfortunately, Flatpaks are the new SystemD. As in, a solid technology which solves real world problems but will face immense resistance from a community filled with splinter groups that have their own pet technology on the same niche, and will accept absolutely nothing else as an alternative. There is simply no path to standardization in this community other than big players like Red Hat and Canonical strong arming their pet technologies in, much to the disdain of everybody else.<p>As for me I&#x27;ll keep using Flatpaks as they work great and have wide support. Alternatives are either obnoxious to use (Nix and Guix) or lacking in basic functionality (Appimages).

To be fair most of that is a result of an ecosystem of idiots and not of the fundamental design itself.<p>It <i>has</i> a namespacing feature, so f-ck&#x27;n use it. Instead, they intentionally produce collisions.<p>Providing and sharing common runtimes could have worked pretty well if developers actually used a small set of common runtimes instead of picking from one of a gazillion slightly different rebuilds.<p>As a replacement for &quot;native&quot; package management? No. Flatpak makes sense if you have a small number (&lt; 5) packages that you want to run from upstream so you can always have the latest version while continuing to use your distro&#x27;s native packages for everything else.<p>Unfortunately (and ironically) it&#x27;s ill-suited for games, which need to have the latest GPU drivers available, which is antithetical to the whole idea of a stable, universal base system.

&gt; If you are a Linux distribution maintainer, please understand what all of these solutions are trying to accomplish. All your hard work in building your software repository, maintaining your libraries, testing countless system configurations, designing a consistent user experience… they are trying to throw all of that away. Every single one of these runtime packaging mechanisms is trying to subvert the operating system, replacing as much as they can with their own. Why would you support this?<p>This sound like a luddite that is against machines. How about embrace the revolution and then you can save a huge amount of work and focus on other things. There are enough things distor people could focus on instead.<p>I don&#x27;t buy any of the technical arguments here and it sounds mostly like moralizing argument rather then anything else.

I dunno. I had my doubts for the longest time but recently I&#x27;ve started, little by little, placing my bets on Flatpak. Snap can go to hell, for reasons exhaustively discussed here and elsewhere, but Flatpak is reasonably solid, open and performant technology that fits the problem it&#x27;s trying to solve. I wouldn&#x27;t mind if it takes over the distribution of big, GUI desktop apps on linux.

There quite a few things I don&#x27;t agree with in regard of this article.<p>First, the suggestion that permission should be prompted when running the app, the app using some sort of API. This would mean that Linux app should become tightly coupled to Flatpak. I have no idea how it would be possible to convince all developers, distributions, vendor to adopt Flatpak. I think it would be largely ignored so an ineffective way to bring those change to the Linux ecosystem in the end.<p>Then, I don&#x27;t have the real answer, but prompting users with questions when they use the app is the worst approach to security. Being tech literate helps understanding what&#x27;s happening, but people with less understanding answer those out of annoyance because they&#x27;re trying to do something and, all of a sudden, the operating system gets in the way. The choice is not driven by security concerns but by frustration or urgency.<p>I can&#x27;t think of any operating system that found the right solution yet, but I do think that the Flatpak approach is by far the smartest. Just naturally give access to things by following user choices (just give access to the select file once the file is selected, just give access to the screen the user choose to share once the user choose to share it). No more stupid prompt that gets in the way of things.<p>Speaking of runtimes, it&#x27;s exactly the same problem. For Flatpak to be adopted, it would require all distribution to invest a lot in it. How would it work for Gentoo and its use flags for example? How to deal with different versions of dependencies?<p>What would happen would likely be for distribution to build the equivalent of runtimes, but on their side, allowing to have several versions in parallel. So in the end, it would be a similar situation, but much more messy as each distribution would have to do the job. Is having those runtimes an actual problem or the solution that Flatpak came up with to the problem of fragmentation in distributions? In my opinion it&#x27;s the second.

Nice to see some effort to stop the Docker insanity. It’s a great way to download 2GB on a slow interest so you can use a 200kb piece of software.

A good illustration of why easy wins every time.<p>In my experience, Flatpack and their ilk make it easier for end-users to install applications and for developers to distribute them.<p>Alternatives may be orders of magnitude better from a performance, size, and&#x2F;or complexity standpoint but until they&#x27;re at least as easy for both end-users and developers they&#x27;ll never reach critical mass.

Snap startup speeds have increased considerably since <a href="https:&#x2F;&#x2F;ubuntu.com&#x2F;blog&#x2F;why-lzo-was-chosen-as-the-new-compression-method" rel="nofollow">https:&#x2F;&#x2F;ubuntu.com&#x2F;blog&#x2F;why-lzo-was-chosen-as-the-new-compre...</a><p>Spotify and telegram open up pretty much instantly for me. Ubuntu 20.04

From my subjective (user) point of view, flatpak is pretty fine. Yes, I do get annoyed whenever I run flatpak update and see 5-10 updates to drivers or runtimes in the range of ~100MB each. But I also want applications to be &quot;just working&quot;.<p>What kinda annoys me though is that file dialogs open in the background. Now I am used to check for it, but when the main window is still in front, yet blocked, because focus is in the file dialog modal, that can get confusing for a moment.<p>AppImage is ok for me too, the application needs to be &quot;complex&quot; enough to justify the download size though. Precisely what the KCalc example from the article does not do. I didn&#x27;t even know there is a daemon thingy that auto-integrates them, usually I put them in a folder, grab an icon somewhere and place it next to it with same name, then add an entry in OS manually, so it appears in app starter, can be placed on task bar, etc.<p>It&#x27;s just a few clicks and if I ever get annoyed by it because I find myself doing it several times a day, I should ask myself if I am maybe just installing way too much stuff? :)<p>Edit:<p>Wanted to mention there is an application called &quot;FlatSeal&quot; that lets you view and (to a degree) edit permissions of Ftatpak Apps. <a href="https:&#x2F;&#x2F;github.com&#x2F;tchx84&#x2F;flatseal" rel="nofollow">https:&#x2F;&#x2F;github.com&#x2F;tchx84&#x2F;flatseal</a> (I use it for spectating only on occasion, because too much fiddling will probably break the app at some point).

&gt; The state of software development is downright miserable in 2021.<p>This tired refrain shows an obscene lack of gratitude for all the things that just work. Yesterday evening I participated in a Twitter Space on gratitude for all the great things we have as software developers, and I will repost the recording here when it&#x27;s available.<p>Edit: My mistake; the recording was already posted: <a href="https:&#x2F;&#x2F;www.youtube.com&#x2F;watch?v=U10SuAHV8kQ" rel="nofollow">https:&#x2F;&#x2F;www.youtube.com&#x2F;watch?v=U10SuAHV8kQ</a>

I have had the least issues with AppImage. It does not fit every use case. It does not need to. If you can ship an AppImage, please consider doing so.

I don&#x27;t know about others, but I use snap basically for apps that are not in the repository, and I can avoid the PPA mess.<p>Currently the only app in my laptop with snap is Brave. I remember when I wrote the apt install brave, there was a line in the console suggestig to use snap.<p>So for me, as long is anecdotal, it&#x27;s fine. I agree with the author, it&#x27;s too much bloat, it doesn&#x27;t matter that disk space is cheap.

Re security: This is probably best fixed by packaging apps with SELinux rules, which are enforced and cannot be disabled, plus responsive maintainers. There could be more than one app version to allow different SELinux rule strengths, per-app.<p>Re disk space: no mention of Nix? That also solves updateability for security issues. Another solution is Gentoo&#x27;s -- deliver the sources and recipes, (re)build as needed. That could also work in userspace.<p>It would be nice to be able to 1) distribute Linux GUIs 2) let friends install them easily 3) have the friend edit the GUI app logic and run the modified version. AFAIK, this is currently only possible with apps based on interpreted languages (e.g., Python+GTK), but even there you&#x27;d need to guide your friend to install the required packages.<p>Re &quot;the state of software complexity in 2021&quot;: Ignore complex software, and just don&#x27;t include it on your system. Start with a subset, and add only what you need. That&#x27;s how OpenBSD remains manageable. If people want to extend, they can go ahead. But you don&#x27;t have to fix the world.

&gt; If I ship an app for Windows I don’t have to include the entire Win32 or .NET runtimes with my app. I just use what’s already on the user’s system.<p>No, you just trigger the download on install to get the 15th version of the runtime

End users do not care about this. If the download works then they are happy.<p>A non-flatpak example is Electron. No one cares how big it is. It works.<p>I download huge games from Steam all the time and have never looked at the size of a game even a single time... in years. Disk space is still cheap on end users machines.<p>As long as the calculator works I do not care how much disk space it takes up.

&gt;Note that the app package itself is only 4.4 MB. The rest is all redundant libraries that are already on my system.<p>The author promotes avoiding this redundancy by using the libraries on the host. But maybe we should go the other way, by having only the bare necessities to run the OS installed on the host, and install all applications as Flatpak.<p>I agree with some things though. Different versions of the runtimes should share as much as possible, so as to consume as little space as possible, and libraries retaining backwards compatibility would help with this. And applications should target the regular Freedesktop&#x2F;GNOME&#x2F;KDE runtimes if possible, Fedora shouldn&#x27;t be doing their own thing completely separate from Flathub. And we need to get applications to use portals and not allow them to declare file system access on install time.

&gt;They should... Build a fine-grained user-interactive runtime permission system that requires the app to make Flatpak-specific API calls to activate permission dialogs<p>What the article wants is useless without fixing Linux&#x27;s security modules. Very few people know how to use SELinux or AppArmor, there&#x27;s no standardization between distros and apparently even RedHat has given up.<p>Flatpak and Snap do containerization because they have no good alternative.<p>P.S.<p>&gt;If I ship an app for Windows I don’t have to include the entire Win32 or .NET runtimes with my app.<p>Note that Microsoft has been moving away from that with .NET Core&#x2F;.NET. The new runtime does not come with the OS. It&#x27;s still possible to create a package and have .NET installed separately, but as far as I can tell, most people prefer to package with the runtime.

I think this article is not providing adequate alternatives.<p>Most programs link against quite a bit more than libstdc++ and you clearly can&#x27;t expect users to install a bunch of packages to get their program running. Those extra libraries usually take up most of the space in a package. If you include all the shared libraries you need, apart from the system libraries in your distribution, you pretty much have an AppImage already, just as a tarball instead of a squashfs image.<p>I think GOGs path is not horrible, but it is much less effective at making Linux a viable alternative as a gaming platform. They literally only support Ubuntu 16.04 and 18.04.<p>It also struck me as odd, that the author was complaining about the complexity introduced by Proton. What is Valve supposed to do?

&gt; I implore you, do not use these packaging tools. Don’t add their services to your Linux distributions, don’t use apps packaged this way, and don’t ship apps that use them. Mass containerization and alternate runtimes cannot possibly be the future of desktop apps on Linux. If this is really the direction it’s going, the future will be so shitty that we’ll all end up back on macOS or Windows.<p>As a long time desktop user, I&#x27;ve dropped Ubuntu for Debian because of this. At some point in the past Ubuntu seemed like it was going all in on snaps. I don&#x27;t know what they&#x27;re doing now, but I don&#x27;t care any more.

As a linux user, but not a developer, I&#x27;ve always been surprised by the backlash against Flatpack and Snap.<p>For me they work wonderfully. On Ubuntu I usually go for the Snap since it just works. Solving multiple dependency issues before I can use a tool always cost me time before. Now, not so much. Even AppImage is nice.<p>The fact that most software is even <i>available</i> on Linux now is due to the fact that developers can create <i>one</i> app for Linux, in stead of multiple.<p>Maybe I&#x27;m not familiar enough with GNU&#x2F;Linux to see the drawbacks, but if it&#x27;s just disk space I&#x27;ll happily make that trade.

&gt; Flatpak and Snap apologists claim that some security is better than nothing. This is not true.<p>Oh no we&#x27;re all doomed.

Don&#x27;t know if it is the future, but has been making my present much better.<p>I can finally have a stable distro with released yesterday packages. As a test I tried installing GIMP on raspberry pi, a x86 bits ubuntu 18.04 machine a x64 bits ubuntu 16.04 machine and x86 bits ubuntu 20.04. Three architectures, 4 distros, 4 machines: 1 command, the same software. It took a bit long to install on the raspi but it worked.<p>Flatpaks, snaps and appimages finally blurs the lines between distros. If there are problems, they should be improved, not abandoned.

Flatpak very likely is not the future indeed but it seems like a good step towards it.<p>Of all the arguments of the author I only agree with the RAM usage part. It&#x27;s true that having containerized apps will lead to much more CPU L-cache trashing which can dramatically reduce performance if you are regularly starting and stopping programs. This is indeed a problem that needs solving. I can envision a NextFlatpak that keeps a global cache of versioned libraries (kind of like Apple does in macOS) so as to try and reduce RAM usage as much as possible.<p>And I agree with the author on the startup time (which is also related to memory usage and CPU cache trashing). That too is a problem that needs solving.<p>The rest of the arguments though, meh. Are you seriously arguing the case that we need to respect 120GB NVMe SSDs because they are &quot;expensive&quot;? Really? I spent 255 EUR (288 USD) on a 2TB NVMe SSD (and it has 3210 TBW of endurance, one of the very highest of all NVMe SSDs!) for a <i>spare dev laptop</i> and I am convinced most devs would have no trouble making that purchase any time they get the whim about it. And even people in my poor country, people who are mind-blown by their new 1300 EUR salary, can <i>still</i> plan financially well enough to afford a new iPhone 3-6 months later. So again, not convinced here. As much as NVMe SSDs are expensive <i>per GB</i>, they are still well within the grasp of most users <i>who actually need them</i>.<p>As for security, it seems the author overstates the efforts of distro maintainers. They do an admirable job, this is well-known, but they really can&#x27;t be everywhere so him praising them so much might be a bit misguided (as do other posters here). Flatpaks don&#x27;t change the game in almost no measure there, especially if they get properly isolated (as another poster alluded to: I want to be able to stop all internet access to an app; just one example). And none of what the author states will stop a malicious app that&#x27;s not in a container so really, what&#x27;s his point there? That the Debian maintainers inspect 100% of all apps and will spot a malicious calculator? Come on now.<p>And the rest of the post is just ranting and having a beef with a few things, which is clearly visible by his change of tone. Call me crazy but such an article can&#x27;t be called convincing. ¯\_(ツ)_&#x2F;¯

It seems that Flatpak, Snap and AppImage are the present and future of packages that work on multiple distros. There are no other new alternatives in the article.

This gave me an idea: how about shipping an installer with an embedded appimage. The installer will check the system libraries for compatibility, and if compatible, it will install the application so that it uses the system libraries. If not compatible, it will install the appimage (and do the desktop integration stuff).<p>I actually really like appimages for distributing games and small apps. The user experience is a lot like executables on Windows, where you can just download any exe from anywhere and expect it to just work. Sure, the large size can be a problem, but not every appimage will necessarily end up that huge.<p>The lack of sandboxing isn&#x27;t a big deal in my eyes because as the author mentioned with Flatpaks, most apps end up with too many permissions anyways. Proper sandboxing needs some kind of gate keeper&#x2F;moderator to pressure developers into following the rules. This can be done with app stores, but the only working app store for Linux desktops is Steam, and that&#x27;s only for games. (to be fair, KDE Discover works, but it&#x27;s a very poor user experience)

This clearly shows how old I am (or have become), it is a (crappy) calculator:<p>&gt;Note that the app package itself is only 4.4 MB.<p>Calc 98 is huge at 495 KB:<p><a href="http:&#x2F;&#x2F;www.calculator.org&#x2F;download.html" rel="nofollow">http:&#x2F;&#x2F;www.calculator.org&#x2F;download.html</a><p>Xcalc (RPN) is around 200-240 KB:<p><a href="http:&#x2F;&#x2F;www.tordivel.no&#x2F;xcalc&#x2F;" rel="nofollow">http:&#x2F;&#x2F;www.tordivel.no&#x2F;xcalc&#x2F;</a>

I write commercial applications in Qt&#x2F;C++ for Windows and Mac. People do ask me about Linux versions. It would be relatively straightforward to port the code to Linux. But the mess of different distributions and libraries really puts me off.<p>Is anyone here distributing a commercial Qt&#x2F;C++ app on Linux? Are you using Flatpak or something else?

All of these things aped by dissertation<p>see: <a href="https:&#x2F;&#x2F;www.usenix.org&#x2F;legacy&#x2F;events&#x2F;atc10&#x2F;tech&#x2F;full_papers&#x2F;Potter.pdf" rel="nofollow">https:&#x2F;&#x2F;www.usenix.org&#x2F;legacy&#x2F;events&#x2F;atc10&#x2F;tech&#x2F;full_papers&#x2F;...</a> and <a href="http:&#x2F;&#x2F;www.usenix.org&#x2F;events&#x2F;lisa11&#x2F;tech&#x2F;full_papers&#x2F;Potter.pdf" rel="nofollow">http:&#x2F;&#x2F;www.usenix.org&#x2F;events&#x2F;lisa11&#x2F;tech&#x2F;full_papers&#x2F;Potter....</a><p>what I did differently was basically say that it should be a linux distribution. each layer should be equivalent to a debian&#x2F;redhat package, with full dependency information between them. therefore it be easy to a) create an image (just pick the highest level things you want and the rest get resolved automatically, much like calling yum&#x2F;apt-get in a Dockerfile) b) upgrade an image when you want to (i.e. similiar to upgrading an existing redhat&#x2F;debian system, it just creates a new image artifact that can be tested and deployed)<p>you also don&#x27;t have much hiding in the system as opposed to today. Yes, they might be built on debian, ubuntu or redhat, but you really can&#x27;t verify easily what changes they made in the middle with ease. In my system, imagine there&#x27;s a &quot;Debian&quot; layer repository, in general, you would end up with a bunch of easily verifiable debian layers and a small set of &quot;user defined&quot; layers (and when an image is deployed, the actual container layer). the user defined layers would be much harder to hide things in, i.e. it be very visible if one is overriding binaries or configuration files that you expect to come from a controlled package.<p>considering the amount of language and implementation that docker seems to share with mine that predates it, one has to wonder if they saw my talks &#x2F; read my papers (though yes, its very possible they came up with it totally independently as well). They were active in the usenix and lisa communities (at least when they were more alive).

This article is full of either errors, or at least misleading statements. It comes across as trying to say something controversial to get attention.<p>Just one obvious glaring issue with the article:<p>&gt;Note that the app package itself is only 4.4 MB. The rest is all redundant libraries that are already on my system<p>Um, no. It&#x27;s not redundant. Your system might get updated, replacing the needed libraries with backwards incompatible libraries, and then your app would break.<p>I do agree with the general idea that not limiting possible runtimes to an approved list means essentially infinite runtimes, which can balloon disk space. I think you need choice to prevent stifling innovation. At least at first. But hopefully the community will end up doing the right thing here over time.

Right! Time to pushback against these developers who uses Flatpaks, Appimages, Snaps, Electron, etc. We are no longer in the world of doubling performance and memory size. Even more, nowadays people are conscious of the power usage. Time to fight the bloat!

&quot;There will still be occasional differences between distributions. These are things you can work around. It may be painful at first but it will be worth it: you will provide a much superior user experience by working around the issues with your users’ libraries rather than attempting to replace them.&quot;<p>Sure, like it was happening 20 years ago, and we still had apps break ALL THE TIME when the user just upgraded to a new distro version or when she changed her distro. It&#x27;s simply not scalable. It has already been tried. Sure, the flatpak world is not perfect, and I would never choose this option (maybe I like snap better), but it&#x27;s a step in the right direction.

Snaps and Flatpaks are bloated, slow, and a downgrade on user experience at all levels. I use linux because it is lean, fast and has great package managment (apt). I&#x27;d rather go back to using Windows than use Flatpaks or Snaps.

&gt; This is uncompetitive with Windows on its face. If I ship an app for Windows I don’t have to include the entire Win32 or .NET runtimes with my app. I just use what’s already on the user’s system.<p>What about the gargantuan WinSXS folder?

After giving flatpacks and the like a good, solid try, I have come to truly detest them. This article hits on most of the reasons why. If I can only get software in flatpack form, that software does not exist for me.

This is all good and true, but it&#x27;s looking at the problem from the Linux distribution&#x27;s perspective. The user wants a working application. Something like AppImage allows a small team to distribute a working package for every distro. Now imagine that team of 5, working on their app, packaging it for ubuntu, fedora, arch, rhel, ... It&#x27;s just not possible.<p>What would solve this issue? A common package manager and central repository, across all Linux distributions. Then the small team only needs to package and ship to one repository, in 1 format.

So I love linux. Particularly, as a desktop system, I like Arch and derivatives of it, mainly for the pacman package manager and the Arch user repository.<p>But I have trouble finding packages, and I hate to compile. So I use Debian instead.<p>I would rather just use a distro that isn&#x27;t ideal for me than start using flatpak and snap and all this other stuff. I really don&#x27;t like how fragmented packaging is in the Linux world, but I will not use these prepackaged containers that have all dependencies included. They&#x27;re worse.

Flaptak? I&#x27;m going to call flatpak from that now.<p>OP might want to edit this.

The future is Flatpak plus the heuristics Steam does to determine if something is a &quot;core lib&quot; (like LLVM, Mesa, etc.) that should be centralized rather than installed per-app. And then (and this is just me dreaming about a better future) the Linux world will eject all of the bad programmers and start maintaining backward compatibility, so you can just symlink libLLVM.so.5 to libLLVM.so.6 and it&#x27;ll just work.

Feel like we’ve really missed an intermediate solution based around tree-shaken statically compiled code. A lot of the goals achieved by docker et al could be met with some kind of multi-elf file format that is basically a collection of statically linked executables combined with a way to read built-in configuration files. Maybe this already exists &#x2F; works.

Don&#x27;t know what to think about this blog post; it&#x27;s not a very coherent critique, since it throws together various issues of user-packaging-formats that mostly specific to only one of the formats. And these don&#x27;t seem to be &#x27;inherent&#x27; in their design. Well, one is.<p>Let&#x27;s go through some of the issues:<p>&gt; Size<p>My &#x2F;var&#x2F;lib&#x2F;flatpak is 13 GB in size. That&#x27;s a lot of space. On the other hand; that&#x27;s about one game with content and textures, so I&#x27;m not sure that is too much of an issue. With more and more applications agreeing on the base systems, I expect this to get smaller<p>&gt; Memory Usage, Startup times<p>Snap is ungodly slow at starting up applications and that&#x27;s broken and that <i>is</i> a fundamental design flaw. This issue, however, is not at hand with Flatpak; it doesn&#x27;t have a startup problem.<p>Neither Flatpak nor Snap have increased memory usage because of containerization.<p>&gt; Drivers<p>Yes, Nvidia sucks. Do you hear, Nvidia? Mainline your driver already.<p>&gt; Security<p>&gt; &quot;Flatpack and Snap apologists claim that some security is better than nothing. This is not true.&quot;<p>That&#x27;s debatable. The same argument was made against seatbelts, child-proof pill bottles or guard-rails on cliff streets and I don&#x27;t think it holds up. Even if seatbelts don&#x27;t protect you from any harm, they protect you against some harm.<p>Currently, Linux desktop software offers no security against malicious code. The only protection the &#x27;traditional&#x27; Linux desktop offers against malicious code is user separation, which is no protection at all. Before full security can be offered, applications need to be migrated to safer practices.<p>&gt; Permissions and Portals<p>This doesn&#x27;t seem to be a critique of any user-packaging-format but rather of how GTK implements interactions with Portals.<p>&gt; Identifier Clashes<p>That&#x27;s a problem that arises from Flatpaks decentralized nature; everyone can create a repo and add packages of any names there. I agree that it would be nice to not have these clashes. Notice that this is not an issue with Snaps, since with Snaps there&#x27;s a central authority assigning the identifiers.<p>&gt; Complexity<p>Some of the complexity cannot be avoided. Either for backward compatibility or for security. I pretty much doubt that Flatpak this will be reason that civilization collapses. (That would be shortsighted greed and NIMBYism)<p>&gt; All of these app packaging systems require the user have some service installed on their PC before any packages can be installed<p>All app packaging systems require at least <i>some</i> installed component. There&#x27;s no way you can make a software run on all systems without requiring at least <i>some</i> infrastructure. Do you want your 64-bit AppImage to install everywhere? To bad! it requires 64-bit glib to be installed.<p>&gt; App stores<p>&gt; [...] This is the reason Ubuntu wants everyone to use Snap [...]<p>This seems to limited to Snap. Again, not a fundamental design issue.<p>&gt; Backward compatibility<p>&gt; Forcing Distributions to Maintain Compatibility<p>&gt; I believe this is partly due to a militant position on free software.<p>This sounds like he wants to dictate FOSS developers how to develop their software? See, I understand your frustration - but that&#x27;s not how FOSS works. You cannot force anyone to spend time on stuff they don&#x27;t <i>want</i> to do.<p>There&#x27;s some valid criticism in there, but it just reads like an angry rant. I think the author could do better by making individual articles about the shortcomings of both Snap and Flatpak, instead of just lumping them together. Snap and Flatpak are just too different.<p>In the end, Flatpak <i>is</i> the future. No one is going to package their software for the nth minor distribution and I rather have a slightly (size)-inefficient system of packaging software rather than not have access to that software. Distributions have started to recognize that they cannot package everything and have started to reduce focus to a smaller set of core packages that work well together.

Very valid points. But the average open source app developer or even a developer of a commercial application for linux just doesn&#x27;t have the time, energy or money to keep installation instructions up to date and support those both with development time and by responding to issues.

I&#x27;ll keep this short and sweet, because I could complain about Flatpaks for hours:<p>If you distribute your software via Flatpak, you can forget about me ever using it. Every computer I own has Flatpak disabled, and I will use system repos until the day I die. Plan accordingly!

That&#x27;s true, future app distributions should utilize web 3.0, e.g. decentralization. There is 0install ( <a href="https:&#x2F;&#x2F;0install.net&#x2F;" rel="nofollow">https:&#x2F;&#x2F;0install.net&#x2F;</a> ), for example, it is better.

And nobody talks about Slax modules. Too many years ago, they had some basic containerization (only at filesystem level). If it got some kind of dependency managment, it would be really great.

If you find these sort of problems interesting, I couldn&#x27;t recommend checking out NixOS more. IMO it&#x27;s the next generation solution.

Sighs at the next 229Gb required update to Flight Simulator 2020

So Linux desktop is dead and MS wins it after all?

Snap certainly isn&#x27;t. But flatpak might be

Lots of other debate (both pro and con) that I&#x27;m not going to get into. I like the effort going into Flatpak, but I don&#x27;t like everything it&#x27;s doing.<p>Is Flatpak really secure, is it&#x27;s permission system good, how does resource sharing work, whatever. I&#x27;m not going to comment on any of that in either direction.<p>But I do want to call out this specific paragraph:<p>&gt; Apparently, developing client APIs for apps themselves is antithetical to Flatpak’s mission. They want the apps running on Flatpak to be unaware of Flatpak. They would rather modify the core libraries like GTK to integrate with Flatpak. So for example if you want to open a file, you don’t call a Flatpak API function to get a file or request permissions. Instead, you call for an ordinary GTK file open dialog and your Flatpak runtime’s GTK internally does the portal interaction with the Flatpak service (using all sorts of hacks to let you access the file “normally” and pretend you’re not sandboxed.)<p>Heck client APIs. This is the <i>correct</i> way to do sandboxing, for two reasons:<p>----<p>First, this is not something that&#x27;s immediately obvious, but over time with both phone platforms and on the web have been starting to learn that applications should not be able to change their behavior or monitor whether or not they are sandboxed. This closes an important hole in app security where application developers either change&#x2F;block behavior, or try to &quot;trick&quot; users into granting unnecessary permissions.<p>For a filesystem, an application should not be aware of whether it has access to every file, it shouldn&#x27;t be aware of whether or not it&#x27;s running on a temporary filesystem. And while it should be able to ask the user to grant it access to a directory, it should have no easily way of validating whether or not the user granted that permission -- it should just get a folder pointer back, regardless of whether that pointer is real, a different folder, or a virtual&#x2F;temporary location.<p>A lot of existing sandboxing doesn&#x27;t follow this rule. The web is normally pretty good at sandboxing, but in this regard it&#x27;s honestly pretty bad. We can&#x27;t follow this ideal with everything, there are some permissions that are impossible to fake. But in general, we don&#x27;t want to make things too easy for malicious developers.<p>&gt; If I want file access permissions on Android, I don’t just try to open a file with the Java File API and expect it to magically prompt the user. I have to call Android-specific APIs to request permissions first. iOS is the same. So why shouldn’t I be able to just call flatpak_request_permission(PERMISSION) and get a callback when the user approves or declines?<p>In this regard, Android and iOS are <i>wrong</i>. Not as a matter of opinion, I will make a medium-to-high confidence claim that they are just flat-out approaching sandboxing security incorrectly. It&#x27;s not their fault, I wouldn&#x27;t have done a better job. This is something that we&#x27;ve become more aware of as we&#x27;ve seen how sandboxing has evolved, and as it&#x27;s become more obvious how apps try to circumvent sandboxes. And this could be a longer conversation, yes there are tradeoffs, but the benefits of this approach far outweigh them, and I think in the future that more platforms (including iOS&#x2F;Android) are likely to move towards seamless permissions that are hidden from applications themselves.<p>Remember we sandbox applications in part <i>because we don&#x27;t trust developers.</i> And while it&#x27;s not the only reason for hiding user controls from apps, it is a good enough reason on its own. Don&#x27;t give attackers unnecessary information if you can help it, this is security 101.<p>And the author is right, this approach is genuinely more brittle because it requires building mocked&#x2F;sandboxed API access rather than just throwing an error. But hey, sandboxing itself is more brittle. We deal with it for the UX&#x2F;safety improvements.<p>---<p>Second, for the reason that the author hints at:<p>&gt; Fedora is auto-converting all of their rpm apps to Flatpak. In order for this to work, they need the Flatpak permission system and Flatpak in general to require no app changes whatsoever.<p>There are substantial advantages to having sandboxes that work with existing apps. This is always a give-and-take process, but in general we don&#x27;t want to force updates of a large portion of user-facing apps. And we want them to be easy to get into Flatpak.<p>The core libraries, user portals, distros themselves -- it is a pain to update them, but they have more eyes on them, they are more likely to be updated securely, and they have more resources available to them. I think it would be a mistake to shift that burden entirely onto application developers. Linux has a habit of doing this kind of thing sometimes, and it&#x27;s a bad habit. We want Flatpak (or any sandboxing system) to be something that can be wrapped around applications without a lot of work. Ideally, a 3rd-party maintainer might even be able to bundle an app themselves.<p>There is also a sort of future-proofing built into this, which is that there is no such thing as a sandboxing system that&#x27;s secure from day 1. We&#x27;ve seen this pop up on the web, which (for all of its general criticism about expanding capabilities) still has a much smaller attack surface than most native apps. Web standard developers are very careful, but there are still breaking changes sometimes when new security measures&#x2F;permissions need to be added.<p>It would be very good if (as much as is possible), introducing additional new privileges and sandboxing capabilities to Flatpak did not require code updates for every single app using those capabilities that was built for an older version of Flatpak. If it&#x27;s at all possible to avoid that scenario, avoiding it is the correct move to make.<p>And finally, touching on burdens for maintainers again, different people may prefer different permission systems. If at all possible, we want to avoid forcing individual app developers to fragment their codebase and maintain different branches for different security sandboxes. Flatpak should run the &quot;base&quot; version of your app with little to no changes. This also benefits users, because fragmentation and forcing users to install multiple simultaneous sandboxes on their machine is heckin awful.<p>So for all of those reasons, minimizing code changes for individual apps is a really good goal to have, even if it admittedly makes Flatpak more complicated and a bit harder on core platforms like GTK.<p>----<p>Other criticisms, whatever, I have some thoughts but it&#x27;s not important for me to give them.<p>But the sandboxing criticisms I see in this article betray (to me) a lack of understanding about what the current problems are with phone&#x2F;web security and what the next &quot;generation&quot; of sandboxing problems are that we&#x27;re going to face. And I think that Flatpak is at the <i>very</i> least approaching sandboxing through a more mature&#x2F;modern lens than the one we were using X years ago in early smart phones.

&quot;Software has gotten so much slower and more bloated that operating systems no longer run acceptably on spinning rust.&quot;<p>I&#x27;d argue they never did. Hard drives have always been slow and when they were the primary means of storage on the PC, people were always trying to find ways to speed things up. Now it takes seconds to boot rather than minutes.<p>&quot;Laptop manufacturers are switching to smaller flash drives to improve performance while preserving margins. Budget laptops circa 2015 shipped with 256 GB or larger mechanical drives. Now in 2021 they ship with 120 GB flash. &quot;<p>This is outdated information. I just checked Lenovo&#x27;s store and while they do have a super low end machine at $200 with 64Gb of EMMC, their real budget model laptops start with a 256Gb SSD. The standard ThinkPad we order this year for users had a 1Tb SSD. Is it budget? No. But building towards the lowest common denominator is rarely worthwhile without good reason.<p>&quot;Chromebooks are even smaller as they push everything onto cloud storage. Smartphones are starting to run full-fledged Linux distributions. The Raspberry Pi 4 and 400 use an SD card as root device and have such fantastic performance that we’re on the verge of a revolution in low-cost computing. &quot;<p>Chromebooks and RPi&#x27;s are not PCs. Yes, some enthusiasts use them that way but that is a niche and done by people who know what they are doing. They can easily enough avoid flatpacks.<p>Linux is a big place and its versatility allows for designing distros around multiple use cases. Flatpack and Snaps are meant to make software distribution easier. Constraints such as storage are not a primary concern for most users. Most machines have enough. Their mere existence does not mean other methods of deploying software aren&#x27;t available so if storage is a constraint, then simply don&#x27;t use them.<p>A lot of the arguments against Flatpack and Snap seem to be based around &quot;it&#x27;s not good for my usecase&quot; ok. Then don&#x27;t use it.<p>&quot;Each app with a new runtime adds another hundred megs or more of RAM usage. This adds up fast. Most computers don’t have enough RAM to run all their apps with alternate runtimes. The Raspberry Pi 400 has only 4 GB of RAM. Low-end Chromebooks have only 2 GB. Budget laptops tend to have 8 GB, mostly thanks to the bloat of Windows 10, but these app packaging solutions are catching up to it.&quot;<p>My case in point. Still referencing niche machines. Most RPi&#x27;s are used for a dedicated purpose. 99% of Chromebooks never exist Google&#x27;s ecosystem for it. And their concept for what qualifies as a lot of memory is, I think, out of touch. 8GB is the base for an x86 PC. Not a Chromebook but a real PC. Many have 16 gigs and its not uncommon to see up to 32 in laptops and even more in workstations.<p>&quot;Why shouldn’t storage shrink anyway? Software should be getting more efficient, not less.&quot;<p>My knee jerk response is &quot;why?&quot;. My more thoughtful one is that efficiency can be measured in many ways. Resource usage becomes inefficient when the user determines it is. And everyone has a different idea of where that lies. Nobody is multitasking more than a couple of applications at any one time on a PC. Servers are different but Servers aren&#x27;t an intended use case for Flatpack and Snaps. If I can run the software I want at acceptable performance then its resource consumption is efficient enough. But you know what Flatpacks are more efficient with? Time. I don&#x27;t have to deal with dependencies. I just tell it to install and it works. Given how awful the application management experience is in Linux traditionally, I am willing to take the downsides for that massive upside.<p>&quot;Such an app can drop a malware executable anywhere in your home folder and add a line to your ~&#x2F;.profile or a desktop entry to ~&#x2F;.config&#x2F;autostart&#x2F; to have it auto-started on your next login. Not only will it run outside of any container, it will even persist after the app is uninstalled.&quot;<p>I think he has a point with security. Permissions can be vague and misleading. And they do have a supply chain attack vulnerability. But that&#x27;s true of any software you get from the repository, store etc. If the official Fedora&#x27;s official Flatpacks can have malware then so can their official Repo.<p>His section about identifies clashes is not an inherent problem with Flatpack but rather a procedural problem with Fedora and Flathub. I think its weird he brought it up when he started the article saying he wouldn&#x27;t include easily solvable issues. Yet here we are.<p>&quot;You would think that these packaging mechanisms would embrace simplicity if they want to attract software developers. In fact they are doing the opposite. &quot;<p>This is the efficiency problem again. Define simplicity. What is simple in one area is complex in another. The fact is nothing as complex as software on a computer can be simple everywhere. If it were it would be useless. So the question is not how to make it simple. It is where are you placing your complexity. Traditional package management places the complexity on the user while keeping the software simple. Flatpacks place the simplicity on the UX while making the software complex. None is inherently superior. Its all about design goals.<p>&quot;All of these app packaging systems require that the user have some service installed on their PC before any packages can be installed.&quot;<p>And? All software has dependencies and a lot requires some kind of run time. Does he also consider all Java software problematic because they require a JVM first? What about all web based applications requiring a compliant browser? This is a non issue in context of how everything else works in the 21st century.<p>&quot;A major goal of most of these technologies is to support an “app store” experience: Docker Hub, Flathub, the Steam Store, Snapcraft, and AppImageHub (but not AppImageHub?) These technologies are all designed around this model because the owners want a cut of sales revenue or fees for enterprise distribution. (Flathub only says they don’t process payments at present. It’s coming.)&quot;<p>Conceptually there is no difference between an app store and repository. They are the same thing. App stores are just repos that are more user friendly.<p>&quot;This is very far from the traditional Windows experience of just downloading an installer, clicking Next a few times, and having your app installed with complete desktop integration. This is true freedom. There are no requirements, no other steps, no hoops to jump through to install an app. This is why the Windows Store and to some extent even the macOS App Store are failing. They can’t compete with the freedom their own platforms provide.&quot;<p>I didn&#x27;t expect him to advocate for the windows model. And I actually agree. Windows handles application management the best. However a lot of the criticisms he gives Flatpack would apply to windows too though. You are guaranteed to end up with multiple copies of certain dependencies because Microsoft&#x27;s answer to dependency hell was to let developers ship their dependencies with their product and not have to care what everyone else had. This is extremely space inefficient and can make for ugly under the hood management but it works very well. The author misses that in his article because he just measures the size of an installer, often Windows software ships not as one file but as many and the install.exe merely orchestrates the process. Again, its all about where you place your complexity. In Windows world the complexity is rarely encountered. Apps get to bring their baggage with them and decide where it all goes. This means program files can get ugly and inconsistent and you may have to learn the behavior or individual software but it usually works the first time.<p>&quot;The Current State of Backwards Compatibility&quot;<p>I have news for you. Linux&#x27;s biggest problem here isn&#x27;t that new revisions break compatibility. Its that old versions can become unavailable. The repo model of software distribution lends itself to &quot;link rot&quot; Load up an older version of Ubuntu and it cant talk to the repos anymore. The servers are gone. And since until recently almost all software was distributed this way and managed by a package manager you effectively can&#x27;t get software working in old Linux. Software preservation becomes monumental if not impossible. With older windows versions, if I have the install media whatever form it may take then I can install and use the software because it shipped with all of its dependencies included. No nebulous server required. DRM notwithstanding of course.

I usually steer clear of these types of discussions because I find the arguments ultimately pointless in the end. The users pick the winner based on their experience regardless of the merits of the systems available. Also I&#x27;m certain I&#x27;ll come out of this worse for wear, as is the experience whenever one crashes a heated debate among engineers arguing over which is the better standard. So I&#x27;m going to hastily step into this den of wolves and jump out again.<p>The fundamental issue I find with all these distribution systems is that they always seem more designed to justify a computer science degree rather than solving the problem in a user friendly way. And that applies to debs and rpms as well. All the solutions seem so over-engineered to the point that only engineers have a hope to get any kind of consistent usable experience out of it. Certainly you can try to hide all that complexity behind a nice GUI with icons and layouts, but that only works so well until something goes wrong. And then the user is stuck juggling a broken system and waiting for a reply on a support forum that may never come. That also mirrors my views on why Linux has yet to break into the mainstream desktop market.<p>But lets go even further, another fundamental issue. Sometimes it feels like these systems are working to justify a basic design choice of Linux that&#x27;s overstayed its welcome. The idea to separate libraries and binaries was a fabulously beautiful engineering idea to fix a problem that stopped being an issue a decade ago. When your system has 32mb of storage, it makes sense, but less so when you can buy a 2tb solid state drive for $120 on Amazon. Counter to the argument in the article, storage is cheap and becoming cheaper at such a rate that continuing this philosophy will appear more odd by the day. And now we&#x27;ve officially come full circle and engineered it away with flatpak and appimage.<p>In an ideal world, these perfect systems should work beautifully. But users aren&#x27;t perfect and neither are developers. That&#x27;s why I now value software not by the novelty of how it solves a problem but in how few parts it can do it. For all Elon Musk&#x27;s personal issues, he was letter perfect about one thing. The best system is no system. The best process is no process. For every additional step of complexity you add when solving a problem, you gain three additional problems. 1. You have to maintain it across the half-lifes of developer interests. 2. You have to teach users and developers how to use it the right way, a nearly impossible task. 3. All the systems that rely on it become more complex, duplicating problems 1 and 2 ad nauseam.<p>For me part of the answer was missed 12 years ago with AppImage. It works so well that I find myself breathing a sigh of relief whenever I find an application I want that uses it. That&#x27;s because I know it&#x27;ll just work. It&#x27;s a testament to the usability of AppImages that it&#x27;s still in use years later even without support from major distros. I think the linux community at large is at risk of missing something very good there. At least for user facing programs, it works wonderfully.

Colour me surprised that Canonical and RedHat funded initiatives cause bad things to happen in the desktop space.