top | item 44069656

(no title)

nycticorax | 9 months ago

I don't agree with him 100%, but I always find Drew DeVault to be thoughtful on this topic:

https://news.ycombinator.com/item?id=32936114

https://drewdevault.com/2021/09/27/Let-distros-do-their-job....

Basically, he argues that application distribution outside of the distro (a la flatpak, snap, appimage) is just a bad model. The right model is the one distros have been using for years: You get software through the distro's package manager, and that software is packaged by people working on behalf of the distro. As he says: "Software distributions are often volunteer-run and represent the interests of the users; in a sense they are a kind of union of users."

The other issue, of course, is that in practice flatpaks/snaps/appimages never seem to 100% work as well as distro packages do.

discuss

jillesvangurp|9 months ago

I disagree with that. IMHO the best possible people to create a package for an application are the original developers of that software. If that software is proprietary, that also happens to be the only party that can legally do that anyway. Because it typically requires access to the source code and software redistribution requires permission.

So, the model you mention only works for open source packages. And I would argue that even in the case an app is 100% open source it's a bad idea for somebody not affiliated with the core development team to be second guessing a lot of things about that application.

It results in a lot of issues that aren't necessary. Like needless lag between developers releasing new software and some third party doing whatever uninvited tweaks they think are necessary, or adding their own bugs and new issues.

It's why I always install Firefox in tar ball form straight from Mozilla for example. It updates itself as soon as developers OK some patch. This happens a lot and mostly for security and stability reasons. I want those patches when they release them. The things external distribution maintainers do are redundant. I trust Mozilla to do the right thing and be the most clued in about any issues regarding their own software. With proprietary stuff, I just want stuff to run with a minimum of hassle.

Flatpak is trying to do too many things. It's trying to emulate an appstore. I don't necessarily like app stores. They are gate keepers. What do developers on Windows and Apple do? They put binaries on their own website. You download them. You install them. And then they run. Downloaded apps have the same rights as apps provided via app stores. The app stores don't repackage the app, they merely distribute them. It's an add on service. An optional extra. All the essentials that provide security are baked into the OS and the application package. There are a few mechanisms that windows and mac provide to make things secure. Binaries are signed, the OS has a permission model for things that need that (screen sharing, directory access to certain things, using the webcam, etc). That's the right model. That could work for Linux as well. It shouldn't require taking control of distribution or packaging by some third party.

boudin|9 months ago

Flatpak is more of a set of tools and framework. I wouldn't consider it as a store but a distribution system. Flathub is a repository, Fedora has its own repository and anybody can creates its own repo (I wouldn't call it store as there is no concept of monetisation).

I wouldn't consider flatpak as a gatekeeper as there is no "team" going through some arbitrary process to allow/disallow an app.

I also disagree with the fact that macos and windows did the right thing, what I found in my experience managing laptops in a company that is roughly 1/3 windows, 1/3 linux, 1/3 macos is that: - What windows is teaching users is to download random stuff and bypass the warning screens if something is not signed. Unless there is a company policy and a third party software to update what is installed, by default things installed are a mix of up to date and not update to date software. - Macos user do not install operating system and software updates unless a third party software is installed and force them too - Linux users have things up to date, only distribution version updates (e.g. fedora 41 to fedora 42) are inconsistent.

So my take is that, even if things on not perfect with flatpak, rpm/dnf, fwupdmgr and package manager, this is much better than having to pay for third party tools in macos and windows because of the lack of a good way to distribute and maintain apps at the operating system level.

lucas_membrane|9 months ago

I think that you are right about not depending on one open source OS to provide the proper depencencies, customizaion, and training wheels for every app. I have been running linux on my desktop for about 20 years, about one decade of Mint followed by the same of Fedora so far. Being a curious but fussy guy who installs lots of software to see what works, I find that I need to install a fresh OS about every 18 to 24 months.

There are, I suppose, always a few programs that don't get upated by 'sudo dnf update' but do get bothered by updates to the shared libraries via the same. Perhaps there are some config files that get damaged by software bugs or power outages or system crashes or my own mistakes and carelessness. I also found out that if one loses the dnf program, one will discover just how impossible it is to pull oneself up by oneself's bootstraps.

Mint was a very similar situation. Maybe not so bad for one who follows all the rules, but in those bygone days there were people suggesting that updating Mint programs with newer versions fron the ubuntu or debian repos was a good idea. And because Mint was slow to get updates, I would attempt to update some apps by downloading source and building and installing here.

Last year, when I upgraded Fedora from 39 to 41, was the first time I got any OS upgrade to work instead of wiping the disk, doing a fresh install of the new OS version, and then spending a week or month trying to get my data for the installed apps (eg web browser and email) from backups. But the upgrade took much longer than it should have, because once I started running the upgrade process, I did not know that the computer sitting there dead silent with no action on the screen for about 30 hours was a sign that all was going well. Computers are evil.

Vilian|9 months ago

You van havê other repos in flatpak than flathub, so in theory the devs can package their app on their repo and tell the user to install it

sbt|9 months ago

The problem is that now you have to package for N distros. And the people who run the distro may not want to spend time on it, so you have to do it yourself.

Arnavion|9 months ago

It doesn't have to be gated by "the people who run the distro". I started packaging a few pieces of software for a distro I use because I wanted to use that software, and I don't "run" the distros in any capacity. Package maintainers aren't born that way, they become that way by volunteering, just like most everything in Linux.

If you don't have even one user willing to do that for the distro they use, you probably weren't going to have users on that distro anyway.

palata|9 months ago

You're saying the exact opposite of the original point, which is: you should not package for distros, distros should package for themselves. You just distribute your sources.

You are a good candidate to package for your distro, so there's that. And then for a random distro, if nobody feels like packaging for it, then it's just not there. Either there is not enough interest in your project, or there is not enough interest in the distro itself.

arunkant|9 months ago

Application developer should be able to package and distribute the app. See how easy it is for casual user to download and install any application on windows. Maintainers cannot scale and depending on them will just hold back Desktop Linux

LtWorf|9 months ago

The best thing about unvetted app stores is that anyone can publish software!

The worst thing about unvetted app stores it that anyone can publish software!

poulpy123|9 months ago

> that software is packaged by people working on behalf of the distro.

It is totally unreasonable to expect distros to be able to package every software in the world

s_ting765|9 months ago

I'm glad flaptaks are getting more adoption. Application distribution needs to move from distributions because they suck at it. Due to no fault of their own. Developers should have the option to distribute their apps without middlemen.

pjerem|9 months ago

In fact I’d say they are perfect for distributions to be more stable. E.g. : my issue with Debian have always been that you couldn’t (easily, I know backports existed) have stable system AND fresh software. With Flatpack, you can.

Now I can run my latest user softwares on a stable distribution. That’s pretty cool.

There are still issues of UX. Especially when the app you are using doesn’t have enough permissions to do the job, you have no information about it and when you guess it by yourself, changing this is hard.

I’d expect that Flatpack should allow apps to specifically ask for permissions in real time or when they try to access external resources like in macOS : just expose the APIs but make them wait for user approval.