deckard1 | 1 year ago

I know it's fashionable to use flatpak, Docker, etc. but I'd still rather not have 30 instances of Gtk running for every GUI app I decide to run. Consider that we still run on Raspberry Pi, etc.

> aren’t these shared libraries a supply chain attack vector

Not any more than the apps themselves. If you're downloading a static binary you don't know what's in it. I don't know why anyone trusts half the Docker images that we all download and use. But we do it anyway.

akvadrako | 1 year ago

I think what you mean when you say instance of Gtk is a copy of the Gtk library in memory?

That's not how flatpak works; identical libraries will share the same file on disk and will only be loaded once, just like non-flatpak apps. And because Gtk is usually part of the runtime most apps will use one of a few versions.