As a user, the best way to handle applications is a central repository where interoperability is guaranteed. Something like what Debian does with the base repos. I just run an install and it’s all taken care of for me. What’s more, I don’t deal with unnecessary bloat from dozens of different versions of the same library according to the needs of each separate dev/team.
So the self-contained packages must be primarily of benefit to the devs, right? Except I was just reading through how flatpak handles dependencies: runtimes, base apps, and bundling. Runtimes and base apps supply dependencies to the whole system, so they only ever get installed once… but the documentation explicitly mentions that there are only few of both meaning that most devs will either have to do what repo devs do—ensure their app works with the standard libraries—or opt for bundling.
Devs being human—and humans being animals—this means the overall average tendency will be to bundle, because that’s easier for them. Which means that I, the end user, now have more bloat, which incentivizes me to retreat to the disk-saving havens of repos, which incentivizes the devs to release on a repo anyway…
So again… who does this benefit? Or am I just completely misunderstanding the costs and benefits?
So again… who does this benefit?
It benefits me because I can install 32 bit software as Flatpak without any troubles and without messing up my whole system with 32 bit libraries dependency hell.
Flatpak permission system also. Flatseal ftw.
It benefits the end-user.
People do not want to be in dependency resolution hell; where they have three programs that all use different versions of libssl and require them to install all of them properly and point each application to the correct one. Most users have no ability to resolve problems like that. By not bundling, the application developer is forcing them to either try anyway or just not install their software.
Bundling dependencies with Flatpak or Snap helps the end user at the cost of only a few extra megabytes of space, which most users have in abundance anyway.
Traditional distro repositories also solve these dependencies for the user.
Only if everything you need is in the repository. If you have a application you want to install that doesn’t work with your repo supplied version of library, then you are gonna have fun making it work without messing other stuff up. And end users don’t really want to deal with that. Also disk space today is cheap, compared to the time it takes to learn and fix such issues.
Not really; they will try to automatically download dependencies, but they don’t provide the application with resolution to the correct dependency. So upgrading libssl for one dependency could still break another.
That hasn’t been my experience in Debian, which is the example OP gave.
I’ve run into this in Debian. Not sure what to tell you – the base repo does not have an explicit contract that everything in it uses the same version of all available software.
Distro packagers solve the issue for the user. And it takes a lot of work
It benefits both devs and end users.
Many people don’t have the time or resources to manage a broken application especially devs who have to deal with that on several Linux distributions simultaneously.
Many distros use different package install scripts and repos to suit their specific needs. If I were to use a Debian-based distro, I would need to use apt to grab from a Debian-compatible repo. If I somehow got apt to work on Fedora, then not only would the program I installed not work, it would likely annihilate many of the preexisting dependencies and possibly brick the system.
I personally use Arch Linux which uses pacman, my package manager of choice, and a lot of times I’ll find an application that doesn’t work on my system due to mismatched dependencies. Arch is incompatible with .deb and .rpm files and does not use the Debian repo and its derivatives. It uses the AUR and its own derivatives of that repo. I don’t have the time or skill to get a program to work with a newly updated dependency on one distro nevermind however many exist on the internet. Many devs do that for free after they’ve been working at their job for hours and/or taking college courses.
What a Flatpak or appimage (ignoring goofy aah snaps) really does is allow a developer to update dependencies for their application at their own pace without having to play catchup when something inevitably breaks due to an update. It allows for a more stable system. As a Debian Bro, you might not need that, but on rolling-release distros like Arch and funky distros like Manjaro that can be very much welcome.
Yes I enjoy that extra stability and organization, especially as I use a rolling distro as a gamer. Hearing talk about Flatpak I disliked it but I decided to try it out after Steam Native bugged due to a system library update. I enjoy it now also because it feels good that installing apps don’t get a root password and scatter files everywhere they please in the system.
Bloat is often held up as the ultimate evil without further ado, scaring everybody. I think a little extra disk space would be more concerning on an embedded system. Snap is also aimed at embedded systems btw.
Snaps benefit Canonical. They’re trying to build their own walled garden, and anyone else benefiting is not a consideration.
Flatpaks are different, because they aren’t purpose-built to benefit a single company. I wouldn’t use them to install most things, but there’s a few places where there’s benefits for at least some people. It’s a lot easier to maintain large projects like Firefox on older distro releases for example. You get sandboxing, so that say a bug in Firefox won’t let malicious javascript take over your system. It lets vendors release closed source software that would never be included in your distro’s repos. These are all things that may not benefit you, but in theory they’ll benefit enough people that it’s worth it.
I’ve also moved onto NixOS so don’t use either one anyways. I think Nix or something like it is the future, even if you’re running a more traditional distro, though that might just be misplaced optimism, see the success of worse is better.
That’s a fascinating topic, and I wonder how AppImages sit in this argument.
AppImages are the Linux equivalent of portable .exe’s.
OH I asked a question like that not to long ago. Appimages do tend to be smaller, they have sandboxing, and getting updates can be hard. Sometime you have just download the new appimage and delete the old one. Other then that is does serve the same function of universal install format.
AppImages are kind of harmless in this, as they are just bundled up binaries and dependencies. They don’t force you into a store, update system or even installing of the app, they are just files that sit on drive. They can be very useful if you want to quickly change between old and new versions of an app.
They wouldn’t work for replacing a traditional Linux package manager, but as for portable Linux binaries, I quite like them.
As for Flatpaks: Me. It’s easier, simpler, cleaner, more secure and overall more convenient. It’s like on mobile, permission based. But without the shady corporations behind it.
About Snaps: some edge devs but more importantly: Canonical.
Benefits any software dev on Linux, as flatpak ships all your dependencies in one “container”. This allows you to deploy once and forget about whether some Ubuntu system dependency is on the same version/compatible with your test environment. Software that works everywhere is the biggest win of flatpaks. One could also make the same argument for snaps except the package repository is closed-sourced.
For me, it allows an easy configurable sandbox with Flatseal. This is the main reason I use flatpaks TBH, software is packaged with too much express permissions on Linux. You also get delta updates. Plus I don’t have to worry about mucking around with system packages if for example some dependency is not available or needs building/installing.
As a Steam Deck user I really like flatpak, because it allows me to install third party apps while my system remains exactly the same as every other Steam Deck on the same version.
That means just like other “consumer” devices and unlike most PCs, updates are simple and risk free. There is no risk of having an update break because I installed some app that broke system level stuff.
Dev’s and End users can know stuff “just works” also i no longer need to add 5000 repos to my system.
It helps distributing applications that don’t break left and right. Deepin is creating its own thing as well and they said they are gonna check host system first then supplement missing components if needed. This should result in maximum space saving, but allow developers to cherry pick dependencies.
How this is gonna play out remains to be seen.
thanks you for explaining that. I had asked around a few times about Linglong but there is nothing that really talked about them.
I think it benefits the distro maintainers. They can vet and ship version 0.13.1 of some multi-player video game, and support that for two years without bothering to package multiple backward-incompatible releases from the game developers. People won’t come demanding that they break their distro’s stable version no major version upgrades rule because everyone actually playing the game can just use the snap/flatpak published by the developers.
But then why bother to package the game for the distro in the first place?
I think it’s usually because someone asked for it, or the maintainers thought it would be wanted. Or to pad out the games section of the repos.
Users who want to have software accessible
Mainly software vendors.
The fact that you can build a package with all dependences built in etc. Means software vendors can release a product for Linux. Without worring about all the different versions of library’s out there.
This is useful for os when trying to support less common distress. As you are not rellying on the distro to package everything. Then destros that wish to may compile more efficient versions based on there own dependencies can. But other distros are supported if they do not want to compile. Without your team having to compile for every distress.
But it also allows commercial closed source vendors to package once and know every linux system (on the hardware they choose to support) will have the dependencies expected. No matter the distro choice or other software requirements. Removing the issue with supporting every distress. As this is a common reason commercial software avoids Linux. As 100s of different distress divided between a relatively small customer base. Means support is often not cost effective.
Me. A flatpak Firefox means not adding a repo to install non-free codecs. A flatpak steam means not installing a hideous number of 32 bit libs. Can’t remember what software it is because I rarely use it, but another flatpak prevents me needing to build it from source.
The main benefit of Flatpaks for me as a user, is that I can upgrade my system without fear of anything breaking (I use Silverblue, which relies heavily on Flatpak to enable this).
I think you should look at the runtimes basically as a repository. There are a bunch of libraries in there, and you make sure that your application works with those versions. Except that now, these libraries and versions are consistent across distributions, so you can support multiple distributions in one go. Additionally, it’s the application developer, who knows the application well, who ensures this compatibility, rather than a packager. Which, again, benefits me as a user, in that I can use the app even if my distro doesn’t have someone to package it.
Snap is just up Canonical trying to build an AppStore that they control so they get a bit of every software sale on Linux. It’s straight up evil. They neither support third party repositories nor is their AppStore server Open Source. It’s build such that they retain all the control and only employs the minimum amount of Open Source to get away with it.
Flatpak is more tricky, I am not sure there is any company behind it actually controlling it directly. But it is very much build for KDE and Gnome apps. As a general Linux package manager it’s completely useless, as it has no dependency management, the only thing you can depend of are the KDE and Gnome runtimes, there is no separation of individual libraries and such. Support for more than one binary per package didn’t exist last time I checked, the support for command line in general is terrible and the whole thing is geared towards an Android’ish experience with simple monolithic apps you can click on. The fact that it runs on multiple distributions is great, but everything else about it is awful.
There is also Nix, this is by far the best package manager we currently have. Runs on all distros, completely reproducible builds, git repositories can themselves be treated as actual packages, everything is easily overridable and changable by the user and best of all it is all build on regular Unix tooling, i.e. just some symlinks and environment variables, very transparent and easy to understand, no weird container magic that hides what is going on.
Use NixOS if you like Nix.
however much I love NixOS, I would argue that in it’s current form (steep learning curve and horrendous documentation), the better option is using Nix package manager on a proven distro like Arch (or Debian but I’ve had some issues there). you get the benefits of nixpkgs while also having other pacman repos if you must.