I have been reading the pros and cons of flatpak packaged software packages against packaging by the distribution teams. There is quite a bit of variation of opinions and I wonder how these might apply to the openSUSE distribution.
I understand flatpaks are much larger to download and install, but with hardware and comms increasingly cheaper, faster, and more powerful, it seems to me that this issue is less and less critical (unless running on old/restricted equipment or using a large number of applications).
Another issue is that flatpaks don’t provide full package isolation (sandboxing), and that they are more likely to have security weaknesses or bugs, but I cannot see why packaging would be worse whether by one or other of the teams.
On the other hand, with packaging by the application developers to agreed standards implemented by most distributions, updates will be quicker and the distribution teams will be able to concentrate on their distro, saving time & money. Since the same flatpak package would be used across distributions, feedback on bugs etc. would also be quicker. These arguments seem to me very strongly in favour of the flatpak option and likely to push the market that way.
I am happily running Leap 15.5, and thinking maybe I should be moving my apps to flatpak. Any views?
@RG Install Flatseal for control of permissions and access, you can also look at distrobox as well… I use them here on MicroOS with Hyprland and Aeon. Also have a couple on Tumbleweed…
“Much Larger” is a bit of an exaggeration, I’d generally say for most users, you’re going to see the overall installation in the 10-15% larger than installing the same via your distribution packaging (in my own experience and limited testing, I’ve hardly tested for all use cases or installations).
I don’t know where the upstream is on their sandboxing, but it’s something that is being worked on constantly, and improvements being made. Application sandboxing isn’t an “easy” problem to solve, if you want your average user to be able to just install and run something, and have it behave like a “native” package. So yeah, it’s not perfect, by any means, but software should theoretically improve over time.
And yes, your points are spot on, as far as the advantages of having the application developers packaging their own software, and having a single point of distribution for everybody. If handled well (and in large part, I think it is being handled fairly well), it should improve things for everybody involved.
@malcolmlewis thank you, I downloaded Flatseal and it gives a very clear display and control of permissions of the apps. It was good to see that the default permissions to the app were only as strictly required by each app, at least the few I have downloaded so far.
@sfalken thank you for your comments. Re “much larger”, this was based on my readings, and seemed logical since each flatpak package includes all necessary libraries, whereas distro packages can share libraries between apps. I did see some comments that flatpaks could also share some libraries, but this didn’t make sense to me as this seemed going back to the distro packaging solution.
As a quick check, Flatpak lists ~300Mb download and ~730MB installed for LibreOffice 7.6.4, whereas my installed SuSE distro version 7.6.2 adds up to ~550Mb. The two packages are not exact same version and may not include the same modules/add-ons, so possibly figures are not comparable. I guess the integration between flatpaks and distros may continue to progress.
Flatpak uses “runtimes” for shared libraries and whatnot. So no, each individual application doesn’t have to be fully bundled with all the relevant libraries, they only need to include what isn’t covered in the runtimes.
If I know that an app is written in Python, I am biased to install it via a flatpak, if one is available, in an attempt to avoid the frustration and time-wasting antics of Python versioning… Although, this doesn’t always work.
@sfalken reading more about the “runtimes” I can see they are intended to share libraries, so it now makes sense to me that, as you say, they must reduce duplication and package sizes.
@pedroSMS I started my migration to flatpak with applications that bring in lots of new libraries anyway, and/or if not available in SuSE (e.g. LibreWolf).
distrobox has very weak sandboxing as well, because security is not what it was made for.
If you try to install snap in a distrobox container, you will be informed that snap is already installed because it detects snapd on the main system. You can even (un-)install snaps on the main system from within a distrobox ‘container’, no setup needed.
Flatpak runtimes can keep several revisions of the same libraries. This saves storage but seems to me to be also a possible risk:
Say two Apps require the same Library and only one copy is stored. If subsequently the library is revised to clear a bug or weakness and only one of the Apps is updated, a flatpak update would load the updated library but keep the old version for use by the other App, which can continue to run using the buggy library. Updating instead through zypper/YaST/SuSE repos would give a warning.
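
The last post is concerned with an app that keeps running on an older runtime. As an added example, not written by anyone in this thread, the shell function below takes the output of `flatpak list --app --columns=application,runtime` and reports apps whose runtime branch is older than the newest branch of that runtime used by another installed app. The `org.example.*` IDs and the sample data are constructed.

```shell
#!/usr/bin/env bash
# Added example: list Flatpak apps still tied to an older runtime branch.
# Input: tab-separated "application<TAB>runtime-ref" lines, e.g. from
#   flatpak list --app --columns=application,runtime | stale_runtime_apps
# Output: app<TAB>runtime id<TAB>branch in use<TAB>newest branch in use

stale_runtime_apps() {
  awk -F'\t' '
    # Compare dotted/dashed numeric branches (22.08 < 23.08, 6.5 < 6.10).
    function vercmp(a, b,    pa, pb, na, nb, i, x, y) {
      na = split(a, pa, "[.-]"); nb = split(b, pb, "[.-]")
      for (i = 1; i <= na || i <= nb; i++) {
        x = (i <= na) ? pa[i] + 0 : 0
        y = (i <= nb) ? pb[i] + 0 : 0
        if (x != y) return (x > y) ? 1 : -1
      }
      return 0
    }
    NF >= 2 {
      # A runtime ref has the form id/arch/branch; skip headers and
      # branches such as "master" that cannot be ordered numerically.
      if (split($2, ref, "/") != 3) next
      if (ref[3] !~ /^[0-9]+([.-][0-9]+)*$/) next
      count++
      app[count] = $1; rid[count] = ref[1]; rbr[count] = ref[3]
      if (!(ref[1] in newest) || vercmp(ref[3], newest[ref[1]]) > 0)
        newest[ref[1]] = ref[3]
    }
    END {
      for (i = 1; i <= count; i++)
        if (vercmp(rbr[i], newest[rid[i]]) < 0)
          printf "%s\t%s\t%s\t%s\n", app[i], rid[i], rbr[i], newest[rid[i]]
    }
  '
}

# Constructed sample input (org.example.* IDs are placeholders).
sample_list() {
  printf '%s\t%s\n' \
    org.example.Office org.freedesktop.Platform/x86_64/23.08 \
    org.example.OldApp org.freedesktop.Platform/x86_64/22.08 \
    org.example.KdeApp org.kde.Platform/x86_64/6.5 \
    org.example.Nightly org.example.Platform/x86_64/master
}

sample_list | stale_runtime_apps
```

An app that appears in the output is worth checking for a newer release that targets the current runtime branch.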