I first approached flatpak with a healthy dose of skepticism. I'm beginning to come around a bit after playing around with the command line tooling a bit. I've even managed to install flatpak on my own built from source distribution, giving me access to a lot of applications that I haven't had to build myself. I think I still prefer native packages wherever possible, but I can see this as a valid alternative.

Flatpak have some things to improve, and in objective comparison probably native packagers are better, but for ppl with obsession about isolating, security, etc it is preffered option (ppl like me).
Also I think that Flatpak probably have more space for improvements, while native packagers are near their peak possible condition (If we don't want to experiment, but then we have flatpak, appimage ....)

@Szwendacz the isolation aspect of Flatpak is the least interesting aspect of it to me. Rather than sandboxing untrusted code I prefer the security approach of increasing the level of trust of the code that you are running. This begins by not running proprietary applications or libraries. I realize that this is not a cure all, and that not all open source code is well audited. But it is a philosophical district that I like to make.

@Szwendacz or in other words, rather than attempting to reduce the damage that untrusted code can do, avoid running untrusted code at all.

True security means securing stuff on every level, not choosing just one, so the more security measures the better (or just more secure)

Also avoiding untrusted code can be hard or impossible in some cases (Web browser, games, etc...)

@Szwendacz while I acknowledge your points as valid, I also have this fear of desktop Linux turning into something like Android, where applications can only communicate with each other over certain blessed channels and when you save a file you don't know where it went to. That sort of system is also a developer's nightmare. So I'm still skeptical of the cost to benefit of sandboxing everything, because right now the only systems we've seen that employ it fully are nightmarish.

Yeah, file management on Android can be painfull.
As usuall it is best to find the Golden mean. BUT, then let people move towards one edge (security) or the other (convenience) if and as much they need or want, since Linux world is proud of its possibilities of choice.

Sign in to participate in the conversation

A instance dedicated - but not limited - to people with an interest in the GNU+Linux ecosystem and/or general tech. Sysadmins to enthusiasts, creators to movielovers - Welcome!