Appimages are an insecure packaging system with very limited use cases. Please use Flatpak instead! - trytomakeyouprivate/dont-use-appimages
Appimages totally suck, because many developers think they were a real packaging format and support them exclusively.
Their use case is tiny, and in 99% of cases Flatpak is just better.
I could not find a single post or article about all the problems they have, so I wrote this.
This is not about shaming open source contributors. But Appimages are obviously broken, pretty badly maintained, while organizations/companies like Balena, Nextcloud etc. don't seem to get that.
We're also regularly debating Flatpak here. That password managers don't tie into the browser and the desktop themes don't apply. It's also not the best solution and regularly confuses newer users.
That native messaging portal is probably developed somewhere. But for sure, also apps installing themselves "partly" as an extension of another, like Zotero and Libreoffice. This could be done though, okay.
Themes generally just work on KDE at least. At least light/dark themes, which may not really be the fanciest of choices
I'd be happy if people just cut down on advertising Chrome/Firefox and LibreOffice via Flatpak to new users. They should use the packaged version. That's why we have distributions, to make the whole system a smooth experience and everything tie together.
Flatpak is slowly getting there and I think at least some distros have it preconfigured so the default GTK themes are in place.
Ultimately, I'd like sandboxing to be available natively in Linux, at least for desktop applications. And we can talk about a packaging format that is available to the user, allows pulling software directly from the upstream project, includes libraries and runtimes.
Yes SELinux confined users or apparmor could allow sandboxing apps the same way as flatpaks.
On 2GB of RAM systems that would make a lot of sense.
Chromium cant use its native sandbox, Firefox supposedly can.
But Librewolf and more should be used as Flatpak, unless you need multiple apps to chat between (native messaging) which doesnt work yet, its way more stable.
Yeah, I think we should extend on the sandboxing features like AppArmor, SELinux and Flatpak for desktop use. Look at MacOS and Android and what they're doing for desktop users. That is currently not the Linux experience. Ultimately I'd like my system to have an easy and fine grained system to limit permissions. Force third-party apps to ask permission before accessing my documents or microphone. have sane defaults. make it easy to revoke for example internet access with a couple of clicks. make it so I can open an app multiple times. and have different profiles for work, private stuff and testing. This should be the default and active in 100% of the desktop applications. And apps should all use a dedicated individual place to store their data and config files.
Librewolf and more [...] used as Flatpak, [...] its way more stable.
That's just not true. I've been using Linux for quite a while now. And I can't remember my browser crashing in years, seriously. Firefox slowed down a bit when I had 3000 tabs open, but that's it. How stable is your Flatpak browser? Does it crash minus 5 times each year? How would that even work? And what about the theming and addons like password managers I talked about in the other comment? Use the distro's packaged version. It is way more stable. And as a bonus all the edge-cases will now work, too.
Most things already work. You know, desktops need to start with that, they need to implement popups for these permissions. And I guess apps also dont ask for permissions yet (like they do with Pipewire access), they just take it or fail.
So its again a problem of adapted apps.
Storage is all stored in ~/.var/app/ and could be duplicated etc if you really want to. That would require some hacking, but you could have multiple profiles for apps. Tbh this is not hard to do at all, just rename the app folder to "appname-profile" and rename the active folder back to the apps name.
A GUI for that would be interesting.
Browsers are a big example of good native packaging, as they get most attention. But for example on Debian, or Ubuntu, or many other platforms, I would prefer to use Flatpak Firefox (if firefox didnt have their deb repo now).
Chromium is hacky as Flatpak as the Sandbox is imcompatible and needed to be replaced.
For firefox there is no statement about this, hopefully soon. I use native browsers for the same reason as you.
Themes not applying is wrong packaging, not flatpaks fault.
Flatpaks limitations are real but you should install as flatpak first and if not working, then use the native package or nix. And limitations in flatpaks should be advertised.
But with this approach you take over the answering questions to newbies... Why doesn't the webcam show up in the videoconferencing? Why doesn't my GTK / QT themes apply to some software and it's a 2 page tutorial with lots of command line commands to fix that? Why can't I install Firefox add-ons and on Windows and MacOS everything just works? Why is Linux so complicated and regularly stuff doesn't work?
I had this argument multiple times now. There is an easy solution: Do it the other way around until you know what you're doing and about the consequences. Distributions are there for a reason. They put everything into one package and do testing to make sure everything works together. They provide you with security patches if you choose the right distro. LibreOffice and a Browser even come preinstalled most of the times. If you do away with all of that, it's now your job to tie the software into your desktop, your job to handle the sandboxing if there is addons that need to pierce the sandbox. Your job to make sure the Flatpak publishers do quick updates and keep the runtimes up-to-date if a security vulnerability arise within an used library...
I'm not directly opposed to using Flatpak. I'm just saying there are some consequences that aren't that obvious. There are valid use-cases and I also use Flatpak. But in my experience hyping some of the available technologies without simultaneously explaining the consequences is regularly doing a disservice to new users.
Do you mean fedora not installing codecs by default and the flatpak version of firefox has it bundled, i.e. just works?
I don't want to argument with you about that. If something doesn't work as expected or intended, you've done a bad job. Stuff not working on linux isn't exclusive to flatpak. It's the fault of maintainers if people complain about a flatpak version compared to distro package.
More people have to use flatpak and report the bugs they experience. The more people focus on flstpak the less infancy bugs will appear.
I've got only recent runtimes installed. There's no old runtime. I understand your concern though, but it's less of a problem for maintained software. Moreover, you've got the same problrm for other package manager. Flatpakcan even improve upon this because it's bundled.
There's also a distinction to be made if it's an official distribution channel or if someone else packaged it.
I mean it's not even my own problem. I just have Spotify, Microsoft Teams and Zoom installed that way, and a few pieces of software that I'm testing. I use a rolling distro so I have the most recent versions of every software I need anyways. And I have the skills to configure stuff. So I myself don't have an use-case for a spyware-riddled Chrome browser from Flathub or something. I have a nice LibreWolf from the unstable channel of my distro. Steam and all the other stuff is there, too. And it works almost flawlessly. Why would I trade that in for a 4GB version of the same software that has downsides?
It's the newer users I'm concerned with. Their sub-par experience of Linux.
This is what I mean:
https://github.com/keepassxreboot/keepassxc/issues/7352 (Maybe Keepass works as of now(?) I don't think so but I haven't tried. At least some addons do. But other's don't. It requires the permissions to be configured by the prople preparing both flatpaks that want to talk to each other.)
All the issues people had with Steam, the graphics drivers, attaching gamepads/controllers or headsets, getting Discord and extras working. (Some of that seems to have been resolved in the meantime. They put quite some work into it.)
Some distros don't update Flatpak packages as part of their standard update mechanism. You need to learn to regularly run "flatpak update" or learn how to activate that.
I have some packages still rely on old runtimes that are missing security patches. I suppose it's the same for a lot of other people. And there isn't a mechanism to warn you. You also need to learn how to figure that out.
I don't remember which of the video conferencing solutions this was, but I remember fighting with the webcam permissions and advice on the internet was to disable sandboxing entirely. I set the permissions a bit better but then also screen sharing wouldn't work.
As I said, it's okay for someone like me - and probably you - to use, and I don't complain. I'm glad I have Flatpak available as a tool. But look at the issues I've linked above and the steep learning curve for the beginner. They need to learn what GTK is, what QT is, what desktop they use, learn what Flatseal is, use the CLI. They have no clue why it is even required to do that much work to get their Keepass set up. And that it's not Linux' fault but their decision from 2 weeks ago to install the browser that way. And their experience is just worse than it needs to be. And this isn't unsubstianced, I'm speaking from experience. I've answered these questions over and over again. It's already annoying to get the NVidia stuff set up reliably, find new software and adapt your workflow. And the switch from X11 to Wayland broke things like screen sharing/recording, anyways. And we're now piling 20 other things on top, to learn and do manually if you happen to be one of the users who don't use the default standard setup.
And nothing of that is "bad" or can't be fixed... We're making progress with all of that. And we'll get there. All I can say with my experience helping people with their Linux woes and the current state of Flatpak: The "use Flatpak for everything" mentality is causing issues for some newer users. And experience shows: They rarely understand the consequences but heard the hype about Flatpak. And few of them can explain why they used Flatpak over the proper packages in their distro.
So my opinion in short:
Flatpak is nice : yes
try a Flatpak first, then the distro package if it doesn't work: hard no
you can get recent software on older distros with flatpak: yes
you can recommend Flatpak: Yes, if you also explain the consequences of the sandboxing and pulling things from potentially unreliable third-party sources. You're doing people a disservice if you don't.