Flathub now has over one million active users

Quoting: hardpenguinI went from a flatpak vocal sceptic to a regular user and supporter. I like having that much non-free modern software at hand. Can't find where I can support flathub monetarily though. The repo maintainers deserve our full support.

While I don't agree with you about parties spreading non-free software in desktop GNU/Linux deserving full support, here's the donation link of flathub https://flathub.org/donate for those who agree with you.


Last edited by LoudTechie on 29 January 2024 at 11:02 am UTC

Quoting: LoudTechie

Quoting: hardpenguinI went from a flatpak vocal sceptic to a regular user and supporter. I like having that much non-free modern software at hand. Can't find where I can support flathub monetarily though. The repo maintainers deserve our full support.

While I don't agree with you about parties spreading non-free software in desktop GNU/Linux deserving full support, here's the donation link of flathub https://flathub.org/donate for those who agree with you.

Unfortunately there will always be non-free software. While the ultimate idea of RMS was that even games would be open source, and in essence you'd just pay for the graphics / sounds assets is great, only a few projects have made that a reality (like OpenMW, the Doom engines, etc.)
I think of Flathub more of a solution for the various package formats. But as I said earlier, flatpaks aren't always made by the upstream project (like Firefox is, but Discord is not) and using some of these can be bad, as people can modify things to put up there.

This is also why the various GUIs for flatpak have warnings on the page.

Quoting: redneckdrowThe recent Tales & Tactics malicious update in Steam, thanks to their discord being compromised, is a good reason why updates should be checked before install. Admittedly, the devs fixed that pretty quickly, before the Winter update. Thank God I checked the forum when I couldn't find release notes at the time.

Huh, what happened with this? How does getting their discord compromised lead to a malicious update on Steam?

Quoting: slaapliedje

Quoting: LoudTechie

Quoting: hardpenguinI went from a flatpak vocal sceptic to a regular user and supporter. I like having that much non-free modern software at hand. Can't find where I can support flathub monetarily though. The repo maintainers deserve our full support.

While I don't agree with you about parties spreading non-free software in desktop GNU/Linux deserving full support, here's the donation link of flathub https://flathub.org/donate for those who agree with you.

Unfortunately there will always be non-free software. While the ultimate idea of RMS was that even games would be open source, and in essence you'd just pay for the graphics / sounds assets is great, only a few projects have made that a reality (like OpenMW, the Doom engines, etc.)
I think of Flathub more of a solution for the various package formats. But as I said earlier, flatpaks aren't always made by the upstream project (like Firefox is, but Discord is not) and using some of these can be bad, as people can modify things to put up there.

This is also why the various GUIs for flatpak have warnings on the page.

True there will always be proprietary software, but
A. That doesn't mean I'm a fan of actively paying for distributing it. If proprietary is so profitable as is often claimed those writing it can pay someone to distribute it from their profits.
B. That doesn't mean it has to come this close to home as to be spread through the software stores in desktop Linux systems.

I don't think flatpack will serve as a fix for package standard proliferation. I think it will just add another package format.(xkcd 927)
My experience with standardization is as such. Only large parties can instantiate a standard. Large consumers tend to prefer open standards, large sellers tend to prefer proprietary standards.
That having said I think flatpack will bring something good.
I expect that much like SElinux it will strengthen the GNU/Linux reputation of being really secure and that this time the security will be useful for more parties than large organizations with a clear hierarchy and taking software freedoms.


Last edited by LoudTechie on 29 January 2024 at 5:03 pm UTC

Quoting: LoudTechie

Quoting: slaapliedje

Quoting: LoudTechie

Quoting: hardpenguinI went from a flatpak vocal sceptic to a regular user and supporter. I like having that much non-free modern software at hand. Can't find where I can support flathub monetarily though. The repo maintainers deserve our full support.

While I don't agree with you about parties spreading non-free software in desktop GNU/Linux deserving full support, here's the donation link of flathub https://flathub.org/donate for those who agree with you.

Unfortunately there will always be non-free software. While the ultimate idea of RMS was that even games would be open source, and in essence you'd just pay for the graphics / sounds assets is great, only a few projects have made that a reality (like OpenMW, the Doom engines, etc.)
I think of Flathub more of a solution for the various package formats. But as I said earlier, flatpaks aren't always made by the upstream project (like Firefox is, but Discord is not) and using some of these can be bad, as people can modify things to put up there.

This is also why the various GUIs for flatpak have warnings on the page.

True there will always be proprietary software, but
A. That doesn't mean I'm a fan of actively paying for distributing it. If proprietary is so profitable as is often claimed those writing it can pay someone to distribute it from their profits.
B. That doesn't mean it has to come this close to home as to be spread through the software stores in desktop Linux systems.

I don't think flatpack will serve as a fix for package standard proliferation. I think it will just add another package format.(xkcd 927)
My experience with standardization is as such. Only large parties can instantiate a standard. Large consumers tend to prefer open standards, large sellers tend to prefer proprietary standards.
That having said I think flatpack will bring something good.
I expect that much like SElinux it will strengthen the GNU/Linux reputation of being really secure and that this time the security will be useful for more parties than large organizations with a clear hierarchy and taking software freedoms.

The key take away here is that flatpak is an OPEN standard, vs Snap, which only Ubuntu can run a 'store'. There is definitely a time and place for 'paid' apps, like say Steam has for Games. Though in all honesty, there are so many open source programs out there that would be perfectly fine to replace proprietary stuff (like office suites, for example).

Quoting: slaapliedje

Quoting: LoudTechie

Quoting: slaapliedje

Quoting: LoudTechie

Quoting: hardpenguinI went from a flatpak vocal sceptic to a regular user and supporter. I like having that much non-free modern software at hand. Can't find where I can support flathub monetarily though. The repo maintainers deserve our full support.

While I don't agree with you about parties spreading non-free software in desktop GNU/Linux deserving full support, here's the donation link of flathub https://flathub.org/donate for those who agree with you.

Unfortunately there will always be non-free software. While the ultimate idea of RMS was that even games would be open source, and in essence you'd just pay for the graphics / sounds assets is great, only a few projects have made that a reality (like OpenMW, the Doom engines, etc.)
I think of Flathub more of a solution for the various package formats. But as I said earlier, flatpaks aren't always made by the upstream project (like Firefox is, but Discord is not) and using some of these can be bad, as people can modify things to put up there.

This is also why the various GUIs for flatpak have warnings on the page.

True there will always be proprietary software, but
A. That doesn't mean I'm a fan of actively paying for distributing it. If proprietary is so profitable as is often claimed those writing it can pay someone to distribute it from their profits.
B. That doesn't mean it has to come this close to home as to be spread through the software stores in desktop Linux systems.

I don't think flatpack will serve as a fix for package standard proliferation. I think it will just add another package format.(xkcd 927)
My experience with standardization is as such. Only large parties can instantiate a standard. Large consumers tend to prefer open standards, large sellers tend to prefer proprietary standards.
That having said I think flatpack will bring something good.
I expect that much like SElinux it will strengthen the GNU/Linux reputation of being really secure and that this time the security will be useful for more parties than large organizations with a clear hierarchy and taking software freedoms.

The key take away here is that flatpak is an OPEN standard, vs Snap, which only Ubuntu can run a 'store'. There is definitely a time and place for 'paid' apps, like say Steam has for Games. Though in all honesty, there are so many open source programs out there that would be perfectly fine to replace proprietary stuff (like office suites, for example).

Oh, I agree with the the statement that it will snap snap.
I just don't think it will(or should) make a dent in package proliferation, because it won't do anything to .deb, .rpf, appimage, etc.
Also we're having a miscommunication and that is my fault.
I use the term free, but I didn't mean free as in 0 cost, but free as in freedom(basically open source).
Inkscape has long been unknown to many Linux users paid software, just also open source. If you wanted to obtain it from the Microsoft store you had to pay a small fee to a central party defending the goals of the developers(including paying them directly, but not only that) the SFC.
Paid software has its place inside the ecosystem and I have nothing against distributing and helping paid software.
I argued that helping distribute non-open source software was something I can't actively

Quoting: LoudTechie

Quoting: slaapliedje

Quoting: LoudTechie

Quoting: slaapliedje

Quoting: LoudTechie

Quoting: hardpenguinI went from a flatpak vocal sceptic to a regular user and supporter. I like having that much non-free modern software at hand. Can't find where I can support flathub monetarily though. The repo maintainers deserve our full support.

While I don't agree with you about parties spreading non-free software in desktop GNU/Linux deserving full support, here's the donation link of flathub https://flathub.org/donate for those who agree with you.

Unfortunately there will always be non-free software. While the ultimate idea of RMS was that even games would be open source, and in essence you'd just pay for the graphics / sounds assets is great, only a few projects have made that a reality (like OpenMW, the Doom engines, etc.)
I think of Flathub more of a solution for the various package formats. But as I said earlier, flatpaks aren't always made by the upstream project (like Firefox is, but Discord is not) and using some of these can be bad, as people can modify things to put up there.

This is also why the various GUIs for flatpak have warnings on the page.

True there will always be proprietary software, but
A. That doesn't mean I'm a fan of actively paying for distributing it. If proprietary is so profitable as is often claimed those writing it can pay someone to distribute it from their profits.
B. That doesn't mean it has to come this close to home as to be spread through the software stores in desktop Linux systems.

I don't think flatpack will serve as a fix for package standard proliferation. I think it will just add another package format.(xkcd 927)
My experience with standardization is as such. Only large parties can instantiate a standard. Large consumers tend to prefer open standards, large sellers tend to prefer proprietary standards.
That having said I think flatpack will bring something good.
I expect that much like SElinux it will strengthen the GNU/Linux reputation of being really secure and that this time the security will be useful for more parties than large organizations with a clear hierarchy and taking software freedoms.

The key take away here is that flatpak is an OPEN standard, vs Snap, which only Ubuntu can run a 'store'. There is definitely a time and place for 'paid' apps, like say Steam has for Games. Though in all honesty, there are so many open source programs out there that would be perfectly fine to replace proprietary stuff (like office suites, for example).

Oh, I agree with the the statement that it will snap snap.
I just don't think it will(or should) make a dent in package proliferation, because it won't do anything to .deb, .rpf, appimage, etc.
Also we're having a miscommunication and that is my fault.
I use the term free, but I didn't mean free as in 0 cost, but free as in freedom(basically open source).
Inkscape has long been unknown to many Linux users paid software, just also open source. If you wanted to obtain it from the Microsoft store you had to pay a small fee to a central party defending the goals of the developers(including paying them directly, but not only that) the SFC.
Paid software has its place inside the ecosystem and I have nothing against distributing and helping paid software.
I argued that helping distribute non-open source software was something I can't actively

I kind of look at the potential of having 'pay for' software in Flathub to be somewhat of a benefit, because then there could be a percentage of the purchase of software to fund improvements to other open source software.

Imagine if Flathub did a 'OSS Software of the Month' selection, that was voted on each month for the next month (so a poll would run through January for February's software) and during that month, proceeds from any 'pay for' software percentage would go to the developers of that piece of software. Even if they did a percentage of a percentage (like say they take 30% of Photoshop profits, then take 25% of that for the Software of the Month and then 5% goes to the development / services for Flathub). Would be a great way to turn funds from proprietary software into funds for open source software!

Cannot believe that this BS is preferred over AppImages...

I may be unpopular saying this , but i prefer Flatpak to the AUR
I recall having issues when one library or dependency would be too new and it was either - wait , or start messing with simlinks etc.
I know it's not a fault of AUR in itself but of the packages i was using and maybe my impatience , but I have to say flatpak is a lot more convenient to download , update and use.

Quoting: LoudTechie

Quoting: razze

Quoting: slaapliedje

Quoting: Purple Library Guy

Quoting: ElectricPrism

QuoteFlathub has served just about 1.6 billion downloads, has over 2,400 apps

Very impressive, congratulations to @all. The quality of FOSS on the store is great, and while predicting the future is hard -- I am modestly optimistic about their efforts to make a commercial area of the store someday.

I've long thought that one of the most potentially important things about Flatpaks is about closed, mostly non-game software. That stuff can't be packaged by your distro, so the ability for vendors to build their stuff in a fairly easy, pretty solid, distro-agnostic way could go a long way towards reducing complaints about Linux fragmentation.

It is this! Flatpak shouldn't be used to replace the distributuion software. The reason why is that it is tightly integrated and you will have security updates and bug reports you can send to your distro. The vast majority if Flatpaks are not officially packaged by the upstream project, and cannot be easily verified they haven't been messed with.

Why can't they be verified? And how can you verify a distro package?

The answer is(ofcourse) multiple ways.
The GNU, Linux, bsd, FOSS, etc. security model is build heavily on source code availability and subsequent peer review.
One way to verify is with reproducible builds. Build a package the advised way and hash it and compare it to the hash of the binary package.

A second way is with signature checks. This could work given that you've a party that you trust to produce a trustworthy indication of which developers produce trustworthy proprietary code. This is uncommon under developers of FOSS associated projects(self selecting), so there aren't a lot of tools for it. Also it is hard to generalize, because that trust is a lot more variable in a world of a thousand distros than one Microsoft/Sony/Apple.
This is how basic distro security works. The distro maintainer signs their package and you check if the signature matches theirs. This doesn't work, because distro maintainers have no way to distinguish modified proprietary packages from non-modified ones and because they simply never trust proprietary packages.

A third way is with self compiling and source code checks(this is how the distro maintainers do it themselves).

So flathub is at least doing 1. And 3 is done but by the app author. I'm very unsure if distro maintainers actually do it, tbh I don't believe that.