this post was submitted on 24 Apr 2025
55 points (96.6% liked)

Linux

10019 readers
46 users here now

Welcome to c/linux!

Welcome to our thriving Linux community! Whether you're a seasoned Linux enthusiast or just starting your journey, we're excited to have you here. Explore, learn, and collaborate with like-minded individuals who share a passion for open-source software and the endless possibilities it offers. Together, let's dive into the world of Linux and embrace the power of freedom, customization, and innovation. Enjoy your stay and feel free to join the vibrant discussions that await you!

Rules:

  1. Stay on topic: Posts and discussions should be related to Linux, open source software, and related technologies.

  2. Be respectful: Treat fellow community members with respect and courtesy.

  3. Quality over quantity: Share informative and thought-provoking content.

  4. No spam or self-promotion: Avoid excessive self-promotion or spamming.

  5. No NSFW adult content

  6. Follow general lemmy guidelines.

founded 2 years ago
MODERATORS
MigratingtoLemmy@lemmy.world
55
The wonderful world of Linux package managers (thelibre.news)
submitted 4 days ago* (last edited 4 days ago) by Alphane_Moon@lemmy.world to c/linux@lemmy.world
23 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[–] Geodad@lemm.ee 16 points 4 days ago (3 children)

Flatpak is actually a really good solution. Snap is garbage though.

I do a combination of Flatpak for niche 3rd party applications and apt on Debian for standard stuff that everyone wants/needs.

[–] ms_lane@lemmy.world 1 points 1 day ago (1 children)

No, FlatPak is centralization in the worst possible way, whilst also making software less usable.

It's a terrible thing and it dies to die swiftly.

[–] 3abas@lemm.ee 1 points 21 hours ago

Can you clarify? I'm just getting back into Linux this year, what makes it more centralized than any other repo based packaging solution? How is using Ubuntu's deb repos on a thousand distros less centralized than flathub?

[–] unhrpetby@sh.itjust.works 3 points 3 days ago* (last edited 3 days ago)

My biggest gripe with flatpak is the fact it isn't sandboxed properly by default.

I'm not referring to vendor-given privileges. Every flatpak, unless explicitly ran with the --sandbox option, has a hole in the sandbox to communicate with the portal. Even if you try to use flatseal to disallow it, it will still be silently allowed.

This leads to a false sense of security. A notable issue I found is if you disallow network access to a flatpak, it can still talk to the portal and tell it to open a link in your browser. This allows it to communicate back to a server through your browser even though you disallowed it. Very terrible.

Security should to be dead easy and difficult to mess up. The countless threads I've read on flatpak tell me the communication about flatpak's actual security has been quite terrible, and so it doesn't fit this category.

[–] tauren@lemm.ee 2 points 3 days ago (2 children)

Same. I like it that I can install Librewolf and some other software on Mint from Flathub instead of adding some obscure repositories with commands I don't even understand.

Like with docker, this isn't healthy:

# Add Docker's official GPG key:
sudo apt-get update
sudo apt-get install ca-certificates curl
sudo install -m 0755 -d /etc/apt/keyrings
sudo curl -fsSL https://download.docker.com/linux/ubuntu/gpg -o /etc/apt/keyrings/docker.asc
sudo chmod a+r /etc/apt/keyrings/docker.asc

# Add the repository to Apt sources:
echo \
  "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu \
  $(. /etc/os-release && echo "${UBUNTU_CODENAME:-$VERSION_CODENAME}") stable" | \
  sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
sudo apt-get update

Source: https://docs.docker.com/engine/install/ubuntu/

[–] Samueru_sama@programming.dev -1 points 1 day ago

Be aware librewolf and all firefox based browser have security issues with flatpak because flatpak by forcing seccomp filtering breaks the internal sandbox of the browser:

https://librewolf.net/installation/linux/#security

Not to mention the librewolf flatpak is literary the portable tarball they release that works on your distro already, in other words it is the worst way possible to use librewolf.

And you only get that "ease of use" of being able to install it in the software store with one click because your distro did the pain of installing and configuring flatpak for you, otherwise it would have been much worse than what you posted.

Anyways, try using appman instead:

wget -q https://raw.githubusercontent.com/ivan-hc/AM/main/AM-INSTALLER && chmod a+x ./AM-INSTALLER && ./AM-INSTALLER

And then: appman -i librewolf which will "install" the AppImage and you can also sandbox it with am --sandbox librewolf and this sandbox does not break the internal sandbox of the browser unlike flatpak.

[–] corsicanguppy@lemmy.ca 2 points 3 days ago (1 children)

adding some obscure repositories with commands I don’t even understand.

You may want to learn the commands and review the repos.

this isn’t healthy:

True, but not in a way that SnapPakImage is going to fix.

[–] Successful_Try543@feddit.org 0 points 3 days ago* (last edited 3 days ago)

this isn’t healthy:

True, but not in a way that SnapPakImage is going to fix.

What about that isn't "healty"?
You are basically downloading and saving the signing key of docker to the currently recommended place with appropriate permissions, and adding the docker deb-repository, explicitly stating that it should be signed by that particular key.
If you don't trust docker, don't add their repo. By the same logic, the Flathub repo is an "obscure repository" too.