I recently took up Bazzite from mint and I love it! After using it for a few days I found out it was an immutable distro, after looking into what that is I thought it was a great idea. I love the idea of getting a fresh image for every update, I think for businesses/ less tech savvy people it adds another layer of protection from self harm because you can't mess with the root without extra steps.
For anyone who isn't familiar with immutable distros I attached a picture of mutable vs immutable, I don't want to describe it because I am still learning.
My question is: what does the community think of it?
Do the downsides outweigh the benefits or vice versa?
Could this help Linux reach more mainstream audiences?
Any other input would be appreciated!
Former OS security guy. Fuck no. Nope nope nope nope.
Yes, who would want sandboxed apps which restrict the app's access to the system. /s
I can see why it’s “former”.
You're definitely out of date on your knowledge then. Nothing inherently insecure about any of these. Only download software you trust, just like you should be doing with any software format!
If you trust it, why not just install it like a y other app?
Oh wait, it's generally pushed for binary only blobs, no source... so why are you even trusting it?
I don't really know what you're saying. Most software is distributed as binaries, that doesn't make them inherently untrustworthy, you just need to have trust in whoever is distributing it. It's trivial to look at the build process of a flatpak and verify that it is legitimate. Just because the binary isn't being built from source by every user doesn't make it insecure.
Who is mostly pushing these containerized apps?
Proprietary software vendors.
Same for who stands the most to benefit from immutable distros. Like Android and MacOS get shipped.
Flatpak is completely open source software and any proprietary software in it has a large warning about how it's proprietary. I don't know why you think proprietary software vendors are pushing these. Ublue, NixOS, and Fedora Silverblue are all community run, not being pushed by some malicious group pushing proprietary software.
Why companies even have anything to gain from their proprietary software being in a container? All that would do is make data collection more difficult.
Why do you think all phone makers push it?
There is literally no arguing with people like you, haha
So, you cannot or will not answer. Got it.
Because it improves security and privacy, something they can advertise as a feature. There's no negative for them to implement, it's their phone, they can already collect all the data they want. It still prevents other apps from accessing data they shouldn't.
Why do you think phone makers push it? What possible malicious reason do you think proprietary software makers have to push containerization and sandboxing? What do they gain?
Correct about security. Unable to inspect the code running, unable to control your own device fully, and really secure at keeping the user out of their hardware.
And for apps shipped in containers? No need to be a part of the FLOSS community, because you can easily ship software to your users that provides no freedoms.
Those things have nothing to do with containerization. They can do those things without it. Containerization exists to improve privacy and security. It can do the same thing on Linux.
Even if you trust an app, it can have vulnerabilities you are unaware of. Containerization helps limit the effects damage from a vulnerability could have. They also simplify the distribution of software, which is the primary goal of Flatpak. There are benefits for using containers for open source software, you're just refusing to acknowledge them. Nobody is forcing you to use containerization, and I don't care to convince you to. I just think acting like Flatpak and other container based package formats is some corporate conspiracy is silly. Flatpak is FOSS and mainly distributes FOSS.
I can see where you're coming from because of outdated libraries and flatpak sandboxing not really being a thing (it's an illusion, really) but you can't deny that this is the direction we're moving in, and we need to get flatpak sandboxing and permissions right, to ensure a proper base level of security.
For those unaware:
Many flatpaks use older, outdated, or end-of-life libraries
Flatpak permissions are messed up because most applications ask to bypass the sandbox at install-time
How come?