this post was submitted on 04 Mar 2025
152 points (98.1% liked)

I'm admittedly yelling at cloud a bit here, but I like package managers just fine. I don't want to have to have a plurality of software management tools. However, I also don't want to be caught off guard in the future if applications I rely on begin releasing exclusively with flatpak.

I don't develop distributed applications, but I'm not understanding how it simplifies dependency management. Isn't it just shifting the work into the app bundle? Stuff still has to be updated or replaced all the time, right?

Don't maintainers have to release new bundles if they contain dependencies with vulnerabilities?

Is it because developers are often using dependencies that are ahead of release versions?

Also, how is it so much better than images for your applications on Docker Hub?

Never say never, I guess, but nothing about flatpak really appeals to my instincts. I really just want to know if it's something I should adopt, or if I can continue to blissfully ignore.

(page 2) 43 comments
[–] [email protected] 1 points 4 days ago

Flatpak is supposed to "just work" everywhere.

[–] [email protected] 6 points 6 days ago (1 children)

The risk of dependency vulnerabilities is real.

Also, flatpak packages are not digitally signed, unlike apt and all other major Linux distro package managers.

[–] [email protected] 1 points 6 days ago (1 children)

Do you have a resource I can take a look at for what this implies and what it accomplishes?

[–] [email protected] 1 points 5 days ago (1 children)

Sure, here are some:

http://security.stackexchange.com/questions/259088/ddg#270934

https://en.wikipedia.org/wiki/Digital_signature

The main feature would be that if flathub (or a hacker with access to flathub) acted maliciously, digital signatures would prevent them from issuing malware infested updates to flatpaks. Only the software's originator would have the cryptographic key needed to sign releases of the software.
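
The trust model described in the comment above, as an added example that is not part of the thread and is not Flatpak, Flathub or apt code: a client that pins the originator's public key rejects a bundle changed on the repository, while a client that trusts only the repository's key accepts it. Ed25519, the type and function names, and the bundle contents are assumptions made for the illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Update is what a repository serves: bundle bytes plus a detached signature.
type Update struct{ Bundle, Sig []byte }

// Accepts reports whether a client that trusts only `pinned` would install u.
func Accepts(pinned ed25519.PublicKey, u Update) bool {
	return ed25519.Verify(pinned, u.Bundle, u.Sig)
}

// Result records which updates were accepted under each trust model.
type Result struct {
	Genuine, TamperedOldSig, TamperedRepoSig, RepoTrustingClient bool
}

func mustKey() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return pub, priv
}

// Scenario plays a repository compromise against two client trust models.
// Keys and bundle contents are constructed for this example.
func Scenario() Result {
	pubDev, privDev := mustKey()   // software originator
	pubRepo, privRepo := mustKey() // hosting repository
	release := []byte("app 1.2.0 (constructed bundle)")
	genuine := Update{release, ed25519.Sign(privDev, release)}
	// The repository is compromised: it holds its own key, not the originator's.
	modified := []byte("app 1.2.0 (modified on the repository)")
	oldSig := Update{modified, genuine.Sig}                       // reuse genuine signature
	repoSig := Update{modified, ed25519.Sign(privRepo, modified)} // re-sign with repository key
	return Result{
		Genuine:            Accepts(pubDev, genuine),
		TamperedOldSig:     Accepts(pubDev, oldSig),
		TamperedRepoSig:    Accepts(pubDev, repoSig),
		RepoTrustingClient: Accepts(pubRepo, repoSig), // client that trusts the repository key
	}
}

func main() { fmt.Printf("%+v\n", Scenario()) }
```

The check only protects the client if the pinned key reaches it through a channel the repository does not control.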

[–] [email protected] 1 points 5 days ago
[–] [email protected] 4 points 6 days ago* (last edited 6 days ago) (1 children)

I'm using MX Linux AHS, it is Debian based, it is always up to date, like the latest Firefox a few hours after it's out, kernel 6.12.17 as of today, etc.

It has no systemd, no snap, no flatpak. It just uses the good old .deb and everything is working fine.

[–] [email protected] 0 points 5 days ago (1 children)

Glad it is working well for you. What does that have to do with this post?

[–] [email protected] 1 points 5 days ago

no flatpak. chill.

[–] [email protected] 4 points 6 days ago* (last edited 6 days ago)

I mostly do. 99.9% of the software I use is a Debian package. Well on Debian anyway. I do have one AppImage.

[–] [email protected] 3 points 6 days ago (1 children)

Arch based distros (except for Manjaro) have every FOSS and some proprietary software on the AUR

[–] [email protected] 2 points 5 days ago

Let me try to clarify what you are saying.

You are saying that the AUR “has every FOSS and some proprietary software”. Yep. That is why I add an Arch Distrobox to every system regardless of the host distro.

But what do you mean by “except Manjaro”? Most Manjaro fans will say that Manjaro also supports the AUR. They are correct that you can certainly enable it and start installing packages from there.

I assume you are warning that, because Manjaro maintains its own base repos and has different package versions in them than Arch does, Manjaro is incompatible with the AUR and that using the AUR with Manjaro will cause problems. If that is what you are saying, I agree with you.

[–] [email protected] 2 points 5 days ago

I never use flatpaks and am doing just fine. I don't want my packages to be installed from a bunch of different places; I want it all managed by one package manager, which for me is my distro package manager. I've never noticed a problem arising out of not using flatpaks; everything I want is either already packaged for me, or I can make a package myself.

[–] [email protected] 1 points 6 days ago

That's what I do. But then I mostly use Arch or Arch based distros (e.g. EndeavourOS). So I have access to AUR. If something isn't on AUR (very rare, but can happen), I just create the package for it and publish to AUR. I do use some AlmaLinux machines as servers. I don't really need many programs outside of the standard repos there since I use them mostly for hosting Docker images. But if I do need to install something like that, I've some self-written LURE install scripts.

[–] [email protected] 0 points 5 days ago (4 children)

Just use Nix. It can run all the packages on whatever platform. It has the largest repository of software & are some of the most up-to-date.
