I’m admittedly yelling at cloud a bit here, but I like package managers just fine. I don’t want to have to have a plurality of software management tools. However, I also don’t want to be caught off guard in the future if applications I rely on begin releasing exclusively with flatpak.

I don’t develop distributed applications, but I’m not understanding how it simplifies dependency management. Isn’t it just shifting the work into the app bundle? Stuff still has to be updated or replaced all the time, right?

Don’t maintainers have to release new bundles if they contain dependencies with vulnerabilities?

Is it because developers are often using dependencies that are ahead of release versions?

Also, how is it so much better than images for your applications on Docker Hub?

Never say never, I guess, but nothing about flatpak really appeals to my instincts. I really just want to know if it’s something I should adopt, or if I can continue to blissfully ignore.

  • hollyberries@programming.dev
    9 days ago

    Is it because developers are often using dependencies that are ahead of release versions?

    That has been my experience recently. I had the same mindset as you until a critical piece of software I use shat the bed on Arch (LiveCaptions) that affected my being able to watch training videos for work.

    Because it was time critical and I didn’t feel like possibly breaking other things for one package, I grabbed the flatpak. It came with its own nvidia driver package (mine was newer) and it worked out of the box without having to mess with anything and that was enough to change my hardline view on that.

    Now it’s just another tool to use in an emergency when important things randomly break.

  • d_k_bo@feddit.org
    9 days ago

    As someone who develops and distributes a small application exclusively on Flathub, I prefer that everyone uses the exact same package on every system. That way I know that if something doesn’t work, the issue should be easy to reproduce.

    Recently, there was a situation where a user indicated in the comments of a release announcement that a newly introduced feature “doesn’t work”. It turned out that they installed a third-party package from the AUR (that wasn’t updated yet) without knowing that this isn’t the official and up to date version.

  • pathief@lemmy.world
    9 days ago

    This is what’s so great about Linux, you can use whatever the hell you want.

    Flatpaks provide some cool security functionalities like revoking network access to a specific application. Maybe you care about this, maybe you don’t.

    My personal policy is to always install from the repos. Occasionally something is only available in flathub, which is fine for me. I really understand how hard it is to maintain something for every single package manager and distribution and totally respect the devs using a format that just works everywhere. If I were to release a new Linux app, I would totally use flatpak.

    • Baldur Nil@programming.dev
      8 days ago

      I really understand how hard it is to maintain something for every single package manager and distribution

      But for apps distributed in your system’s package manager, it’s not the devs that are distributing them in every package manager. It’s the distribution itself that goes to each repository, checks and tests the dependencies they need and creates the package for the distribution, along with a compiled binary.

      When they aren’t offered in the distro’s package manager (or the version is outdated because the distro isn’t rolling release) things become more complicated indeed, and sometimes you can’t even do it because the dependencies are older than the ones you require.
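
On the point raised in the thread about revoking network access for a single Flatpak app: the sketch below is an added example, not code from any commenter or from the Flatpak project. It checks whether an override (as written by `flatpak override --user --unshare=network <app-id>`) actually removes `network` from what the app ships with. The app ID and both keyfile snippets are constructed, and the `!` prefix for a revoked item in the override's `[Context]` group is assumed from Flatpak's documented keyfile format.

```python
import configparser

# Constructed sample: metadata in the shape printed by
# `flatpak info --show-metadata` for a hypothetical app, plus a per-app
# override file (kept under ~/.local/share/flatpak/overrides/<app-id>).
APP_METADATA = """\
[Application]
name=org.example.Viewer

[Context]
shared=network;ipc;
sockets=wayland;pulseaudio;
filesystems=xdg-download;
"""
OVERRIDE = """\
[Context]
shared=!network;
"""

def parse_context(text):
    """Return {key: (granted, revoked)} for the [Context] group of a keyfile."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.optionxform = str  # keep key case exactly as written
    cp.read_string(text)
    out = {}
    if cp.has_section("Context"):
        for key, value in cp.items("Context"):
            items = [v.strip() for v in value.split(";") if v.strip()]
            granted = {v for v in items if not v.startswith("!")}
            revoked = {v[1:] for v in items if v.startswith("!")}
            out[key] = (granted, revoked)
    return out

def effective(metadata, *overrides):
    """Apply override layers in order on top of the app's own metadata.
    Simplification: items are treated as plain set members, which fits
    `shared` and `sockets` but ignores filesystem suffixes such as :ro."""
    result = {k: set(g) for k, (g, _) in parse_context(metadata).items()}
    for layer in overrides:
        for key, (granted, revoked) in parse_context(layer).items():
            result[key] = (result.get(key, set()) | granted) - revoked
    return result

def has_network(metadata, *overrides):
    return "network" in effective(metadata, *overrides).get("shared", set())

if __name__ == "__main__":
    print("as shipped:   ", has_network(APP_METADATA))
    print("with override:", has_network(APP_METADATA, OVERRIDE))
```

On a real system, `flatpak info --show-permissions <app-id>` prints the merged result directly, which is the quickest way to confirm an override took effect.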