• 0 Posts
  • 7 Comments
Joined 1 year ago
cake
Cake day: July 1st, 2023

help-circle



  • I like Flatpaks and AppImages for application delivery and here’s why:

    1. Software doesn’t just magically appear in various distros’ repositories. There is a considerable amount of work (time/effort/energy/thought) that goes into including and maintaining any given program in a single distro’s repo, and then very similar work must be done by the maintainers of other independent repositories. To make matters worse, some programs are not straight-forward to compile and/or may use customized dependencies. In those cases, package maintainers for each distro will have to do even more work and pay close attention to deliver the application as intended, or risk shipping a version that works differently in subtle ways and possibly with rare bugs. (Needing to ship custom versions of deps for a certain program also totally eliminates a lot of the benefits of shared libraries; namely reduced storage space and shared functionality or security.) That’s part of the reality of managing packages, and the fact is that there’s a lot of wasted effort and repeated work that goes into putting this or that application into a distro repository. I have a ton of respect for distro package maintainers, but I would prefer that their talents and energy could be used on making the user experience and polish of their distro better, or developing new/better software, than wrestling with every new version of every package over and over again multiple times per year.

    2. As a developer it’s very nice to know exactly what is being “shipped” to your users, and that most of your users are running the same code in a very similar environment. In my opinion, it’s simply better for users and developers of a piece of software to have a more direct path, instead of running through a third party middle-man. Developers ship it, users use it, if there’s a bug the users report it, developers fix it and add features and then ship again. It’s simple, it’s effective, and there’s very little reason to add a bunch of extra steps to this process.

    3. The more time I spend using immutable, atomic Linux distros like Silverblue, the more I value a strong separation between system and applications. I want my base system to be solid as a rock, and ideally pretty fucking hard to accidentally break (either on the user end or the distro end). At the same time I also want to be able to use the latest and greatest applications as soon as humanly possible. Well, Silverblue has shown that there’s a viable model to do that in the form of an immutable and atomic base system combined with containerized applications and dev environment. What Silverblue does may not be the only way of achieving a separation between system and applications, but I’ve never been more certain that it’s the right direction for creating a more stable and predictable Linux experience without many compromises. I don’t necessarily want to update my whole system to get the newest version of an application, and I certainly don’t want my system to break due to dependency hell in the process.

    4. The advantages of the old way of distributing applications on Linux are way overblown compared to the advantages of Flatpak. Do flatpaks take up more drive space than traditionally packaged apps? Maybe, I don’t even know. But even if they do, who the hell cares? Linux systems and applications are mostly pretty tiny, and a 1TB nvme ssd is like $50 these days. Does using shared library create less potential for security flaws going unfixed? Possibly, but again, sometimes it just isn’t possible or practical for applications to share libraries, Flatpaks can technically share libraries too, and the containerized nature of Flatpaks mean that security vulnerabilities in specific applications are mitigated somewhat. I’m not a security guy, but I’d guess that Flatpaks are generally pretty safe.

    Well, that’s all I can think of right now. I really like Flatpaks and to some extent AppImages too. I still think that most “system-level” stuff is fine to do with traditional packaging (or something like ostree), but for “application-level” stuff, I think Flatpaks are the current king. They’re very up-to-date, sandboxed, often packaged by the developers themselves, consistent across many distros, save distro maintainers effort that could be better used elsewhere, easy for users to update, integrate with software centers, are very very unlikely to cause your system to break, and so on.

    It would be really hard for me to want to switch back to a traditional distro using only repo packages.