this post was submitted on 16 Jul 2023
11 points (100.0% liked)

Linux


TLDR at bottom.

On most Linux forums, it seems that everyone is trash talking flatpaks, snaps, docker, and other containerized packages with the statement that they are "pre-compiled". Is there a real-world effect that this has with performance and/or security, and does this have to do with Canonical and/or Red Hat leaving a bad taste in people's mouths due to previous scandals?

Also, it is easier for the developer to maintain only one version of the package for every user. All of the dependencies come with the package meaning that there aren't distro-specific problems and everything "just works" out of the box.

I understand that this also makes the flatpaks larger, but there is deduplication that shrinks them as you install more by re-using libraries. Do the drawbacks of a slightly larger initial disk usage really outweigh all of its advantages?

I have heard that flatpaks are slower than distro-specific compiled binaries but haven't seen a case where this affects performance in the real world.

TLDR: In most forums Linux users tend to take the side of distro-specific packages without an explanation as to why.

[–] [email protected] 1 points 1 year ago (1 children)

First, most of the people I saw discussing it support flatpak, not packages. They support flatpak like they support a football team. Example here: "Mostly because they're uneducated fools".

It's all about reputation. There are people I trust, like Steam, and there are perfect strangers from the internet. Who do you trust the most between "debian VS mastakilla_51"?

Wake me up when a flatpak app is thought with clear boundaries and doesn't just request access to my whole home directory. Until then I much prefer to have a team of packagers maintaining a reputation, dedicated to their job and producing fine, reliable apps.

The Audacity fiasco was a perfect example of that. The app was bought by someone, then telemetry was introduced into the flatpak and no one saw it. Instead, the distro maintainers noticed it and deactivated the telemetry. This is how we saw the thing.

Be very careful of what you lose when you say goodbye to distro packages, don't take it for granted. If you walk the flatpak way you will have access to a mountain of unverified software built by a random person on the internet having access to your full homedir. It's like installing freeware on Windows, you end up with a lot of crap on your computer. A package repo is not like freeware for Windows.

Yes, I know, you think flatpaks come with sandboxing. It does not, because most of these packages use /home as the sandbox anyway and people click yes. Pick some flatpaks and see the access level they require. Most of the time it's /home. This is a terrible trend and I wish more of the flatpak supporters mentioned it when they praise the tool. Some people don't care. I do.

Cryptocurrency does nothing to help you since it gives a very strong incentive to criminals to scan your homedir. Scammers will use shiny software, flatpak it, add their "secret sauce" and publish it. If you had to install a cryptowallet, would you install the one from the debian repo or the one from mastakilla_51?

Until this whole jungle is sorted out: thanks, but no thanks.
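
One way to run the check the comment above describes ("pick some flatpaks and see the access level they require"), as an added example that is not part of the thread. The function names, the constructed sample metadata, and the choice to treat only `home` and `host` as broad grants are assumptions of this example.

```shell
#!/bin/sh
# Added example: list Flatpak apps whose static permissions expose the whole
# home directory or host filesystem. Not code from the thread or from Flatpak.

# Read Flatpak permission metadata (keyfile format, as printed by
# `flatpak info --show-permissions APP`) on stdin and print every filesystem
# grant in the [Context] section that covers all of home or host.
broad_fs_grants() {
    awk '
        /^\[/ { in_ctx = ($0 == "[Context]"); next }   # track current section
        in_ctx && /^filesystems=/ {
            sub(/^filesystems=/, "")
            n = split($0, entries, ";")
            for (i = 1; i <= n; i++) {
                e = entries[i]
                if (e == "" || e ~ /^!/) continue      # empty or revoked entry
                base = e
                sub(/:(ro|rw|create)$/, "", base)      # drop access-mode suffix
                if (base == "home" || base == "host") print e
            }
        }
    '
}

# Constructed sample metadata (not taken from any real application).
sample_metadata() {
    cat <<'EOF'
[Application]
name=org.example.Demo

[Context]
shared=network;ipc;
filesystems=xdg-download;home:ro;!host;/mnt/data;

[Session Bus Policy]
org.freedesktop.Notifications=talk
EOF
}

# Walk every installed app and report the ones with a broad grant.
audit_installed() {
    flatpak list --app --columns=application | while read -r app; do
        [ -n "$app" ] || continue
        grants=$(flatpak info --show-permissions "$app" | broad_fs_grants | tr '\n' ' ')
        if [ -n "$grants" ]; then printf '%s\t%s\n' "$app" "$grants"; fi
    done
}

if command -v flatpak >/dev/null 2>&1; then audit_installed; fi
```

Note that `home:ro` is still reported: a read-only grant keeps an app from modifying files but not from reading everything in the home directory.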

[–] [email protected] 2 points 1 year ago* (last edited 1 year ago) (1 children)

https://github.com/obsproject/obs-studio/pull/2868

This is a good example of this kind of evangelism for the hot new packaging standard gone wrong.
A pull request was made for a half-baked AppImage version of OBS by AppImage creators.
They refused to support it, and the OBS developers refused to merge it because they have no AppImage knowledge.
Drama ensued.

I do like how NixOS is tackling this issue, but I don't really care enough to switch away from Arch.

[–] [email protected] 1 points 1 year ago

ouch

This thread is closed, but I'm going to make a final reply before I ban you and your associate from our organization for your inflammatory, incorrect, and downright rude comments. Actions have consequences. Any time anyone asks us why we don't support AppImage, I'm going to point them to this thread, and how it was you, personally, who irrevocably burned all bridges with our development team.

And then he harassed the OBS team claiming that "users want AppImages"