Well, 2024 should be interesting for Linux packaging! While many distributions use different packaging formats like deb, rpm and others there's also Flatpak for cross-distro support. But we also have Canonical's Snap - which is going to get improved cross-distro support.
Writing on Mastodon, developer Zygmunt Krynicki mentioned "I will be returning as a snap developer later this month. My main focus will be cross-distribution support. Unlike in the past this will be my full time job. I'm very excited for what is ahead for snaps.". It's interesting to see Canonical paying developers to work on this (and it's a good thing too)!
Pictured - The Snap Store
Packaging is always a real sore spot for Linux, and it leads to a fair amount of confusion. Just like with how many Linux distributions there are there's upsides and downsides to it though of course. You don't get innovation and improvements by always sticking to one single thing, and the power of open source is people can often just work on whatever they want.
Still, it would be nice no matter what distribution of Linux you pick, if we can just tell people to "go here" to get whatever app it is they're after rather than having to do a support-dance to find out their specific distribution and version to see what's available to find out how they can grab something.
Article taken from GamingOnLinux.com.
Some you may have missed, popular articles from the last month:
Quoting: KithopQuoting: damarrinSnaps/flatpaks are there to make packaging and distribution easy for software creators and make them independent of distro maintainers who may or may not include a given piece of software, or may be including an ancient version of it.
Totally agree - that is 100% a valid use case for this, and a better way of putting what I was trying to get at: if your distro *does* ship an up to date version, you should use that as your first choice, since it may need to have been customized for said distro, it'll be kept up to date with shared libraries, etc., but if it *doesn't* (and you don't want to go down the rabbit hole of compiling it yourself... I've written my own janky PKGBUILDs for that, in fact, and it's not user-friendly), these are a great fallback.
My issue primarily is that Canonical likes to push the snap version of a package as the first choice, regardless if there's a perfectly valid .deb available, and I think that's wrong, because that pulls Ubuntu even further away from upstream Debian and introduces yet another unique distro-ism when trying to troubleshoot. The cynical part of me worries that 'pulling away from upstream Debian' is their big goal.
That said, it's been a few years since I ran Ubuntu on a desktop - does an 'apt install firefox' still pull in the snap by default? If they've walked that back since, then my argument is invalid and out of date.
I generally agree running software from the native packaging system gives a better experience. Install is much faster, it starts faster, takes up less space, etc.
But, from what I've seen a number of distros (Ubuntu!) might ship the current version of a package as a deb/rpm at a certain point, but as time goes on it will fall behind until the user has something much older than is available as flatpak/snap.
If the user knows what they're doing they might then switch to flatpak, and possibly switch back to native packaging when they upgrade to a newer version of their system then switch to flatpak again - which just makes no sense and is a load of extra unnecessary work. Especially as the settings directories are different and have to be copied over.
As for Snaps and Firefox, they've managed to improve the user experience massively so it now runs fine, but if you object to snaps in general there's just no point in running Ubuntu. More and more things are moved to snaps and this will only continue.
I did rip out FF a couple of times and replaced it with the deb, but it's just such a hassle to do every six months, it makes no sense. It reminds me of people caring about privacy but continuing to run Windows and disabling all the data gathering options on every update, feeling like they've somehow beat the system. It's just nonsense, unless you have way too much free time on your hands.
2 Likes, Who?
dziadulewicz Jan 10
Snaps work on much wider area than Flatpaks. Often times a snap package is required if a dev wants a Linux universal package with safer approach (sandbox). So this is a very good thing. Snap tech supports also the server side applications and Flatpak does not. These are very different packaging methods and they should not be fought over in any way. Both help Linux in the long run!
2 Likes, Who?
Quoting: damarrinI generally agree running software from the native packaging system gives a better experience. Install is much faster, it starts faster, takes up less space, etc.Which in turn may or may not matter. Nowadays a lot of open source software is pretty mature, and a couple of versions more or less may not be much of an issue.
But, from what I've seen a number of distros (Ubuntu!) might ship the current version of a package as a deb/rpm at a certain point, but as time goes on it will fall behind until the user has something much older than is available as flatpak/snap.
What I wonder about Flatpaks, and Snaps outside of Ubuntu, is where are you on maintenance? A Flatpak might be totally up to date the day I install it from Flathub, but my other software updates semi-automatically along with the OS. If I have to remember to update the Flatpak stuff manually, well, either it's gonna get long in the tooth after a while or I'm gonna rip out the Flatpak because it's too much hassle and go back to native packaging.
Last edited by Purple Library Guy on 10 January 2024 at 3:56 pm UTC
0 Likes
Quoting: mattaraxiaYa know, I find it hard to take this attitude very seriously. I know the computer security people are all authoritative and expert and everything. But I've been using computers since before there was an internet, and in all that time no computer of mine has ever had an attack that I noticed the results of. If it weren't for phishing emails I might think there was no such thing as malicious cyberattacks outside the movies. It's possible that part of the reason my Windows computers of the late 90s/early00s got a bit wonky after a while was viruses, I dunno, but if so their action was indistinguishable from ordinary "Windows installs used to age really badly". So the thing is, after 30 years or so when I could have suffered an attack, during which I never did anything much about security other than "switch to Linux" and "use fairly decent passwords", and nothing ever happening, it gets harder and harder to sustain that panicked "The sky will fall in the next few minutes if I don't do the latest security thing right now!" mentality. Induction says to me "I've never sandboxed everything before and nothing bad ever happened, why would that suddenly change now?"Quoting: KithopUnless you have a need to sandbox something,
You have a need to snadbox *everything* already. I'm blown away this mindset exists.
If I was running a server or something, sure, I'd take security seriously. But I'm not, I'm just a guy with a computer.
0 Likes
[quote=Purple Library Guy]
Can't speak for other distros, but linux mint's software updater includes updates from flathub.
Quoting: damarrin...
What I wonder about Flatpaks, and Snaps outside of Ubuntu, is where are you on maintenance? A Flatpak might be totally up to date the day I install it from Flathub, but my other software updates semi-automatically along with the OS. If I have to remember to update the Flatpak stuff manually, well, either it's gonna get long in the tooth after a while or I'm gonna rip out the Flatpak because it's too much hassle and go back to native packaging.
Can't speak for other distros, but linux mint's software updater includes updates from flathub.
1 Likes, Who?
Quoting: Purple Library GuyWhat I wonder about Flatpaks, and Snaps outside of Ubuntu, is where are you on maintenance? A Flatpak might be totally up to date the day I install it from Flathub, but my other software updates semi-automatically along with the OS.and
Quoting: emphyCan't speak for other distros, but linux mint's software updater includes updates from flathub.Flatpaks *can* be distributed as a large standalone file or as tiny '.flatpakref' files that link to a repository that will download and install the software, but typically it's distributed through an app store and typically that is Flathub.
Quoting: Purple Library GuyYa know, I find it hard to take this attitude very seriously. I know the computer security people are all authoritative and expert and everything. But I've been using computers since before there was an internet, and in all that time no computer of mine has ever had an attack that I noticed the results of.This is because those same security experts are working behind the scenes to keep your computer and your person safe.
[...]
... it gets harder and harder to sustain that panicked "The sky will fall in the next few minutes if I don't do the latest security thing right now!" mentality.
The nature of software and culture of software developers has changed considerably in your 30 years of being a computer user. Once software cpu cycles, ram, disk, network bandwidth - if you even had a network - were precious and a lot of attention was spent in using them efficiently. Updates were expensive and hard to distribute and just so many basic things we take for granted now were laborious or undiscovered. That was *our* 'normal'.
The complete opposite is normal today. All of those things are more than abundant, they're present and so rich they often feel like *infinite* resources. Infinite disk, infinite ram... the generations of software developers brought up in this environment were never deprived of these resources. Seemingly unlimited resources, sophisticated high-level programming languages, abundant free/open source libraries and free/cheap third party services to host, test, deploy that software as well as vastly more developers! Which means vastly more software being produced as quickly as possibly for a society ever more dependent upon it. And a new disturbing trend is ubiquitous telemetry and monitoring (it's no longer an affront to include this, it's expected. It's normal now).
Sandboxing software is only partly about packaging or security, it's also about curbing runaway modern excesses in software by adding friction. You get to deny an app on your phone access to geolocation data. Or limit an app within a Flatpak to which directories it can write to.
Quoting: Purple Library GuyIf I was running a server or something, sure, I'd take security seriously. But I'm not, I'm just a guy with a computer.This sort of apathy is a blessing and a curse. Even when empowered by and protected by sandboxing tech you still don't give a shit, however this same apathy makes Flathub installation preferable to most than "apt install foo --no-install-recommends -y", following prompts to resolve conflicts, etc.
By all means continue being blasé about it, just don't publicly denigrate it. The sky isn't falling for you because others are holding it up.
2 Likes, Who?
AdamRHargreaves Jan 12
I tend to use flatpak on PopOS, simply only to get the latest versions of stuff, as the PopOS repos tend to lag quite badly for some things. Though have encountered a fair few annoyances with the file system sandboxing, so will always go for a deb if there's one available. (WPS Office was one - it couldn't access my home folder, or the system fonts - both kind of useful for an office suite...)
I did try Ubuntu on a laptop a few weeks back - just to see what the hoo-hah was with Snaps... and... they're fine. reasonably unobtrusive. (Though apt-update did then somehow remove the system icon theme, so I gave up with the install at that point!)
A packaging/distribution system should be simple to use for any user - and not require post install fidding to achieve full functionality of the installed package. If sandboxing means this goal can't be achieved, then the system is a fail. It's up to the user to use common sense to know what they're installing - and the distributor to make this information available. My PC, My Problem.
(I also disagree about the whole "infinite hardware" thing. That's just an excuse for lazy development - and the reason we see such stupid file sizes for things these days with no tangible benefit.)
I did try Ubuntu on a laptop a few weeks back - just to see what the hoo-hah was with Snaps... and... they're fine. reasonably unobtrusive. (Though apt-update did then somehow remove the system icon theme, so I gave up with the install at that point!)
A packaging/distribution system should be simple to use for any user - and not require post install fidding to achieve full functionality of the installed package. If sandboxing means this goal can't be achieved, then the system is a fail. It's up to the user to use common sense to know what they're installing - and the distributor to make this information available. My PC, My Problem.
(I also disagree about the whole "infinite hardware" thing. That's just an excuse for lazy development - and the reason we see such stupid file sizes for things these days with no tangible benefit.)
2 Likes, Who?
mattaraxia Jan 18
Quoting: KithopQuoting: mattaraxiaYou have a need to snadbox *everything* already. I'm blown away this mindset exists.
Ah yes, I'm going to sandbox 'ls' from the filesystem, and then explicitly fiddle to punch holes in to make it useful again...
Facetious and hyperbolic, yes, but let's not get into absolutes here. Sandboxing is great when you want it, but it's most definitely not for *everything*. There is a time and place for it, and I believe there are distros that lean on it extensively. It's great tech, but also *incredibly frustrating* as a user if you're not expecting it. All the Wayland xdg-desktop-portal stuff comes to mind - I love Wayland, but it shouldn't take *three separate popups* to allow OBS or Discord to screenshare a particular app, with no option to 'remember my choice forever please'. We're going to end up with Windows UAC level annoyances again, and then people will just turn it off entirely.
Should apps like Steam be sandboxed from accessing anything outside of ~/.steam (or equivalent)? Sure. Should your browser be sandboxed to not access things outside of your Downloads folder? Sounds like a good starting point. But remember, you may want to preview that PDF from your Documents or a thumb drive, or a static HTML page you're working on off a network drive, so it's got to be easy to do so and yes, explain and understand the implications.
If you want to run a Flatpak or Snap, you should understand that yes, you get sandboxing and the double edge that goes with it in terms of 'why can't this app see my files'. Unless your distro is explicitly designed for it, though, I believe it should not replace your native package manager. If I want to switch, let me make the choice to switch, don't start forcing Snaps on me when I call apt and expect a .deb.
Sorry this is so old, but I don't think you're responding to what I said so much as complaining about specific implementations you were already annoyed with.
The point isn't everyone should sandbox everything with existing tech right now, it's that everyone *has a need to* already. I didn't say "I don't understand the mindset of not wanting to use flatpak" the person above specifically said they don't see what problem sandboxing solves, that certainly patching is good enough. That mindset, is fundamentally misinformed. It does not solve the same problems something like flatpak solves. Saying so fundamentally misunderstands the problem.
Similarly, nothing you said addresses the cases I mentioned. That need still exists, for sure, for basically everything anyone runs. Whether or not that means you should run everything in flatpak today, is moving goalposts and missing the point.
0 Likes
mattaraxia Jan 18
Quoting: Purple Library GuyQuoting: mattaraxiaYa know, I find it hard to take this attitude very seriously. I know the computer security people are all authoritative and expert and everything. But I've been using computers since before there was an internet, and in all that time no computer of mine has ever had an attack that I noticed the results of. If it weren't for phishing emails I might think there was no such thing as malicious cyberattacks outside the movies. It's possible that part of the reason my Windows computers of the late 90s/early00s got a bit wonky after a while was viruses, I dunno, but if so their action was indistinguishable from ordinary "Windows installs used to age really badly". So the thing is, after 30 years or so when I could have suffered an attack, during which I never did anything much about security other than "switch to Linux" and "use fairly decent passwords", and nothing ever happening, it gets harder and harder to sustain that panicked "The sky will fall in the next few minutes if I don't do the latest security thing right now!" mentality. Induction says to me "I've never sandboxed everything before and nothing bad ever happened, why would that suddenly change now?"Quoting: KithopUnless you have a need to sandbox something,
You have a need to snadbox *everything* already. I'm blown away this mindset exists.
If I was running a server or something, sure, I'd take security seriously. But I'm not, I'm just a guy with a computer.
Sorry this is very late, but worth responding to.
That's just missing the point.
I rode a motorcycle for years and never needed my helmet. I was still glad to wear one, and would now if I ever went back to it. Induction didn't mean riders don't have a need for helmets.
Last edited by mattaraxia on 18 January 2024 at 3:52 am UTC
0 Likes
Patreon
PayPal
See more from me