Basically title.
I’m wondering if a package manager like flatpak comes with any drawback or negatives. Since it just works on basically any distro. Why isn’t this just the default? It seems very convenient.
1- It takes a lot of space. jUsT bUy a bIgGeR dRiVe --stfu I’m not going to spend money for you to waste it
1- a) Everyone assumes you’re an American with 20Gbps symmetrical fiber optic. My internet can’t handle 2+ Gb downloads for a fucking 50 Mb app bro
2- Duplicate graphics drivers. Particularly painful with Nvidia
3- It puts a lot of security work with distro library trees straight into the shitter
4- Horrendously designed system for CLI apps (
flatpak run org.whocares.shit.app)5- Filesystem isolation has many upsides for security but also it can cause some pain (definitely nitpicking)
Where in America is there 20Gbps symmetrical fiber? Everywhere I know tops out at 1gbps if you are lucky that your ISP isn’t shit, and lots of areas are still on slow cable.
In my area my options are 200mbps cable or 100mbps ADSL (which inexplicably costs more than the cable Internet)
Lived in 8 different states in the US - never had anything above 1 Gbps. Typically been 300-500 mbps, with only the past and current state state where I’ve gotten 1gbps. Poster is just assuming because we’re a first world country that we have good internet. We don’t. I hear Europe has better speeds than us.
Best I’ve ever had was like 60mbps down. Might be a budget thing though, I refuse to pay more than £30/month for internet
No proper estimate of download size.
To say nothing of a signed manifest of contents. It’s like 1995-era package management was lost on the kids who built this dreck.
For me, the question is why I should add an extra layer of complexity. If the things I use already work well using apt, and if most things are bundled in the default distro install, then my life is already good.
This all depends on your software needs, if course. Some people are using a lot of new stuff, so the above setup leads to annoying situations.
Endlessly reading on social media that is not a good from Linux “gurus”. LOL
It’s been great for me, but I wish it had a official gui for permissions management.
Are you aware of flatseal?
If you are, is there an issue with using it for you?
Flatseal is good, just not official.
It’s as official as it gets. The XDG team provides the underlying infrastructure, and the community provides the tools.
There is some drawback. The main one : app can’t communicate with each other.
Example firefox and his extension keepass. As keepass can’t communicate with firefox, you have to open both apps and switch their windows.
You can use flatseal to manage communication between apps but that’s not an easy process and may prove a security issue if you don’t understand the technical jargon.
You only need flatseal on GNOME. KDE has it baked into the settings
Where in KDE are those settings? I see Flatpak permissions listed in Discover (bottom of right panel,) but you can’t change them there. Not sure where else to look. I’ve been using Flatseal but if it isn’t needed …
You can’t change them? https://github.com/KDE/flatpak-kcm
deleted by creator
It’s HUGE. That’s the biggest downside for me. I’m always use a deb/native package first because they are way smaller.
Of course they are. they share dependencies with other software. flatpaks bundle all dependencies,which is great for sandboxing,even though some sort of break the rule and share some,they are still sandboxed.
Unless you “firejail” or “bubblewrap” your software, security is much better OOB for flatpaks.
That’s a myth. Security of flatpaks depends entirely on the given permissions, and since most flatpaks just set their own permissions on installation, or require filesystem access to work, there is no meaningful difference in security OOB.
Flatpak apps cannot set their own permissions “on installation”. If flatpak tells you some weather app uses only the network permission then that is all the app is going to get.
For an app to be able to change its own permissions, it first needs permission to the flatpak overrides directory. Any app that does this gets an “Unsafe” designation in gnome-software.
Also about most apps requiring filesystem access to work: I have 41 flatpak apps on my system (Silverblue so everything is flatpak). Only 6 have access to my home or Documents directory. (11 apps requested full filesystem or homedir permission, but 5 of these work perfectly fine after I turned off their permissions in Flatseal).
Notably, “large attack surface” apps like Thunderbird or Firefox don’t have access to my Documents. File uploads and email attachments go through the file picker portals.
I’ve used flatpak for a while because it’s the default ob Fedoras GUI Software Center, but I’ve recently switched back to dnf and native packages where I can.
The thing is, that I have a shitty 500GB SSD with a shitty 50Mbit Internet connection (which is closer to 30Mbit because my house still has lead cables instead of copper). So downloading 300+ MB of libraries for a 2MB Program is just not feasible for me.
deleted by creator
- overly verbose way to launch them in terminal
- can sometimess not even respect your gtk/qt theming
- sandboxing/permission system can lead to you trying to figure out which directory you need to give access to when you want to save file if it wasn’t preconfigured
- uses its own libraries and not system libraries, want to play the hit new AAA game with steam flatpak? get fucked it requires a mesa commit that was merged 8 hours a go and you’re stuck on 23.0.4 and can’t use the git release.
Flatpak probably has it’s specific uses like trying to use one piece of proprietary software that you don’t trust and don’t want to give it too much access to your system, or most GUI software clients having an easy way to install Discord on your Steam Deck (no terminal usage, Linux is easy yay), but native packages 99% of the time work better.
deleted by creator
Yes, I love it and don’t get me wrong but there are many downsides and they all result from poor planning and/or bad decisions around how flatpak was built. Here are a few:
- Poor integration with the system: sometimes works against you and completely bypasses your system instead of integrating with it / using its features better. To me it seems more like the higher levels are missing pieces to facilitate communication between applications (be it protocols, code or documentation) and sometimes it is as simple as configuration;
- Overhead, you’ll obviously end up with a bunch of copies of the same libraries and whatnot for different applications;
- No reasonable way to use it / install applications offline. This can become a serious pain point if you’re required to work in air gapped systems or you simply want to level of conservation for the future - it doesn’t seem reasonable at all to have to depend on some repository system that might gone at some point. Note that they don’t provide effective ways to mirror the entire repository / host it locally nor to download some kind of installable package for what you’re looking for;
- A community that is usually more interested in beating around the bush than actually fixing what’s wrong. Eg. a password manager (KeePassXC) and a browser (Firefox/Ungoogled) both installed via flatpak can’t communicate with each other because developers seem to be more interested in pointing fingers on GitHub than fixing the issue.
Flatpak acts as a restrictive sandbox experience that is mostly about “let’s block things and we don’t care about anything else”. I don’t think it’s reasonable to have situations like applications that aren’t picking the system theme / font without the user doing a bunch of links or installing more copies of whatever you already have. Flatpak in general was a good ideia, but the system integration execution is a shame.
To the duplicate libraries
Do you know if flatpak leverages the memory side of this? With shared libs, you only keep one copy in memory, regardless of how many applications use it. Makes application launch faster, and memory usage lower.
For flatpak, it of course will load whatever it needs to load, but does it manage to avoid loading stuff across other flatpaks?
As a basic end-user I have not been too happy with my experience with flatpaks. I do appreciate that I can easily setup and start using it regardless of what distro I’m using. But based on standard usage using whatever default gui “app store” frontends that usually come with distros, it tends to be significantly slower than apt, for instance, and there seems to be connection problems to the repos pretty often as well.
