this post was submitted on 17 Feb 2024
How? Security is one of its selling points.
libxyz has security vulnerability:
Your distro updates libxyz. Fixed and every piece of software gets the fix for free.
Every single flatpak that uses libxyz has to update to include the fix. Let's hope all those package maintainers are on their game.
That's not how Flatpak works.
Flatpak has runtimes, which is where most shared libraries are. There's a common base one called Freedesktop, a GNOME runtime, a KDE runtime, an Elementary runtime, and more. (The GNOME and KDE ones are built on top and inherit from the Freedesktop base runtime.)
https://docs.flatpak.org/en/latest/available-runtimes.html
Additionally, at least for Flathub, they have shared modules for commonly used libraries that aren't in runtimes. (Many are related to games or legacy support like GTK2.)
https://github.com/flathub/shared-modules
Lastly, some distributions are building their own runtimes and apps on top, so the packages they build are available as flatpaks as well. This is the case for Fedora, Elementary, Endless, and others.
https://fedoraproject.org/wiki/Flatpak
That's exactly how flatpaks work if the library you need is not in the runtime. Which is very often the case.
I know because I made one for my personal use and the package was not available elsewhere.
So we're just reinventing the wheel with more bloat? Brilliant.
Yeah, that's a big, weird if though. Most modern apps can rely on the runtimes for their dependencies and not have to ship their own custom dependencies.
It's different from something like AppImage, where everything is bundled (or Snap, where a lot more needs to be bundled than a typical Flatpak, but not as much as with an AppImage).
Additionally, there's always some level of sandboxing in Flatpaks (and Snap packages) and none at all for RPMs, Debs, or AppImages.
Also, Flatpak deduplicates common files shared across flatpak apps and runtimes, so there isn't "bloat" like what you're talking about.
https://blogs.gnome.org/wjjt/2021/11/24/on-flatpak-disk-usage-and-deduplication/
I think bringing in an entire operating system, which may well include libraries and other files that I already have installed, to run something small can be considered bloat.
I currently have multiple versions of Nvidia's libraries installed for some reason on my system through flatpak. I have no idea why that's necessary but if I don't allow this to happen I get dropped down to software rendering.
It sells security through isolation, but packages are not cryptographically verified after download. This is done in package managers like apt, but not flatpak.
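For the disagreement above about libraries that come from a shared runtime versus libraries an app bundles itself, a local Flatpak installation can be audited directly. The script below is an added example, not from any commenter or from the Flatpak project; it assumes the standard on-disk layout under `/var/lib/flatpak`, and `libxyz`, the `org.example.*` refs and both function names are made up for illustration.

```python
import os, sys, tempfile
from pathlib import Path

def find_library_copies(lib_prefix, root="/var/lib/flatpak"):
    """Map each deployed app/runtime ref under `root` to the shared objects
    it ships whose file name starts with lib_prefix (e.g. "libxyz")."""
    found = {"app": {}, "runtime": {}}
    for kind in found:
        # On-disk layout: <root>/<kind>/<id>/<arch>/<branch>/active/files/...
        for files in sorted(Path(root, kind).glob("*/*/*/active/files")):
            ref = "/".join(files.parts[-5:-2])  # id/arch/branch
            hits = sorted(
                str(Path(dirpath, name).relative_to(files))
                for dirpath, _dirs, names in os.walk(files)
                for name in names
                if name.startswith(lib_prefix) and ".so" in name
            )
            if hits:
                found[kind][ref] = hits
    return found

def build_constructed_tree(root):
    """Constructed sample: one app bundling libxyz, one app relying on the
    runtime, and one runtime shipping libxyz. All names are made up."""
    for rel in (
        "app/org.example.Editor/x86_64/stable/active/files/lib/libxyz.so.1",
        "app/org.example.Viewer/x86_64/stable/active/files/bin/viewer",
        "runtime/org.example.Platform/x86_64/23.08/active/files/lib/libxyz.so.1.2",
    ):
        path = Path(root, rel)
        path.parent.mkdir(parents=True, exist_ok=True)
        path.touch()
    return root

if __name__ == "__main__":
    # Usage: script.py [library-prefix] [flatpak-root]; without a root the
    # constructed tree is scanned so the example runs on any machine.
    prefix = sys.argv[1] if len(sys.argv) > 1 else "libxyz"
    with tempfile.TemporaryDirectory() as tmp:
        root = sys.argv[2] if len(sys.argv) > 2 else build_constructed_tree(tmp)
        result = find_library_copies(prefix, root)
    for ref, paths in result["runtime"].items():
        print(f"runtime {ref}: {paths} (fixed by updating the runtime)")
    for ref, paths in result["app"].items():
        print(f"app {ref}: {paths} (bundled; the app itself must be rebuilt)")
```

Per-user installations live under `~/.local/share/flatpak` and can be scanned by passing that path as the second argument.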