Flatpak could become a universal app store for Linux systems

Alfonso Maruccia

Why it matters: Linux has become the backbone of many technology standards and software products. In the traditional desktop space, however, the open-source kernel is anything but a success. If the suggestion about a "universal" app store for Linux distros gains enough support, things could change fast.

Some influential people in the open-source community are pushing for the adoption of a one-stop app store for Linux-based operating systems. The store would be built on Flatpak, a popular software deployment and package management utility, and it could provide customers with the same user-friendly approach other popular app stores in the consumer market are known for.

Spotted by ZDNet's Steven Vaughan-Nichols, the proposal for a Flatpak-based, universal Linux app store is hosted by Eric Schmidt's technology incubation project Plaintext Group and signed by GNOME Foundation president Robert McQueen, former GNOME executive director and Debian project leader Neil McGovern, and KDE community president Aleix Pol.

The proposal's main goal is to "promote diversity and sustainability" in the Linux desktop community by "adding payments, donations and subscriptions" to the Flathub app store. Flathub is the standard app repository for Flatpak, a project described as a "vendor-neutral service" for Linux application development and deployment.

Flatpak was chosen as a potential universal Linux app store as the tool can already run on virtually any Linux distribution, or even within the Windows Subsystem for Linux. The utility offers a sandbox environment designed to run applications in isolation from the rest of the system, a "containerized" approach that gives developers an easier way to create, deliver and update their software products.

The universal app store proponents say that "a healthy application ecosystem is essential for the success of the OSS desktop," so that end-users can "trust and control" their data and development platforms on the device they are using. Flathub has been jointly built by the GNOME Foundation and KDE, and it isn't the only app store available in the Linux world.

Alternative solutions like Canonical's Snaps, however, are sitting under the control of a single corporation and aren't designed as a universal Linux app store from the get-go. Canonical has recently decided that neither Ubuntu, nor the other Ubuntu-based distros (Kubuntu, Lubuntu, etc.), will give their official support to Flatpak. Users can manually add the tool after installing the operating system, though.

Besides providing a universal app store for the entire Linux world, Flatpak supporters also want to "incentivize participation in the Linux application ecosystem," and remove financial barriers that prevent diverse participation. For this reason, the proponents are planning to add a new way to send donations and payments via Stripe within this year.


 
First thing I thought of while reading the first paragraph was current EV infrastructure and its inadequate supply of reliable charging stations and how little sense that makes.

Linux users want to sell everyone on the OS in the comments, but the problem is I think they only want you to be a user if they think you'll enjoy it as much as they do. But I also think they want it to stay niche. It's been their OS for so long it would probably look weird seeing them regularly embrace "outsiders" and make it easier to use, by say, offering a single location to download apps.
 
I think the value in flatpak is in the sandboxing. If you don't feel the need to have the app sandboxed then it makes sense to just use the native distribution package manager. If you want to isolate the app to protect your system from an app you don't trust, then it's a pretty good solution. It has a lot less overhead than using a virtual machine. I don't feel like every piece of software on the system needs to be sandboxed, but it's nice to have the option to have it sandboxed by installing through flatpak.
 
It's probably a step in the right direction. I still think under anti-trust regulations MS needs to be forced to turn over certain things to Linux, that's the entire point of anti-trust, and we have a long history of evidence as to why monopolies are bad for society. The regulators are completely asleep and the judges are just tech illiterate, it is a real issue. Even being tech illiterate, maybe they are also bought off and that's a sign of corruption.

MS and Nvidia probably need to be broken up. I would have said Meta needed to be too but I guess they're actively dying now so it's less of an issue (maybe that means regulators now step in, after the fact).

Even if it's not Linux there really needs to be real universal standards and options in the market.
 
Anything that gets us closer to a single distro as stable and user-friendly as Windows is a good thing. With Microsoft obsessed with becoming the new Google, the Year of Linux can't come soon enough.
 
Anything that gets us closer to a single distro as stable and user-friendly as Windows is a good thing. With Microsoft obsessed with becoming the new Google, the Year of Linux can't come soon enough.
Updating software on Linux is better than on Windows. It's more like updating apps on your phone. You get notified when there's an update, and (if you choose) it will update all your programs at the same time. Updating the OS is also way better because you're never forced to update. You choose when and whether or not to update. You also receive way more updates way more often, which you can simply ignore if you like (even have it never notify you), or you can have the latest everything every day.
 
Flatpak is a horrible answer to a very legitimate problem. I mean when you have several NVIDIA drivers (!) installed on your system as flatpaks, BESIDES your natively installed driver, you know something's seriously f*cked up.

Flatpak is like static linking. Which we already established to suck horribly, like 20 years ago.

https://akkadia.org/drepper/no_static_linking.html

Or I could mention the first big GDI+ vulnerabilities. Which MS obviously patched via Windows Update, but a big number of "clever" app developers just decided to ship their own (old) copy with their software...

If each app has its own hardcoded dependencies and their versions, that means eventually you end up installing multiple versions of several core libraries. A lot of wasted disk space, system memory, and network bandwidth.

But that's the least of our problems. The real problem is that these libs often get those tasty 0day vulnerabilities. Which distro maintainers prudently patch - the random flatpak packager? Not so much. So even though your "system" (i.e. native distro packages) is patched, your flatpaks' security is in the hands of those individual maintainers. Spoiler alert: they update their stuff WAY less frequently, if at all. The user is in the belief that "my system is up to date", but really, it's not in the slightest.

Linux needs their Win32. A common, stable, well-controlled, robust, well-rounded runtime. LSB tried to do something like that, but guess what, it died off. Linux is inherently incapable of implementing anything close to Win32. Why? Because many of those Linux folks consider it to be their core values. The stable_api_nonsense.txt. The "freedom of choice". Which is a nice way of saying "if I can't accept others' opinions, I'll just do it my own way".

Just look at the sh*tshow systemd caused, and still causes to some degree, among Linux users. Which is beyond comprehension - I couldn't care less about the init process in use. But some people still can't get over the fact that Linux distros, for once, finally agreed on something. They just WANT to differ.

Did I mention that Canonical keeps pushing their own cr@p, snapd? Which is even worse, if you can actually believe that - it doesn't even support user installs. But they're totally invested in that, their IoT stuff is 100% snap-based, so you're doubling down, of course. As with most things Linux.

So yeah, good luck with Flatpak. Can't wait to have all my libs installed 27 times on my system, filled with juicy 0days. Mmm.
 
Anything that gets us closer to a single distro as stable and user-friendly as Windows is a good thing. With Microsoft obsessed with becoming the new Google, the Year of Linux can't come soon enough.

Linux is not and will never be about a single distro. It's all about freedom and freedom means a wide diversity of distros, desktop environments and more. But if you want a stable, Windows-style distro, there are Linux Mint and MX Linux.

But I also think they want it to stay niche. It's been their OS for so long it would probably look weird seeing them regularly embrace "outsiders" and make it easier to use, by say, offering a single location to download apps.

Probably some users think that way, but usually Linux users consider Linux especially for its open source nature. Open source has shown its effect in OS like Linux or Android but also in software like Chromium, Firefox or Blender and even in drivers like AMD's drivers. Hopefully we'll get to see it in hardware, medicine, industry, video games....
 
A "Universal" Linux ecosystem is a very BAD idea. It predisposes to future Apple & Microsoft wannabe trends.
And Snap is another can of worms.
 
But that's the least of our problems. The real problem is that these libs often get those tasty 0day vulnerabilities. Which distro maintainers prudently patch - the random flatpak packager? Not so much. So even though your "system" (i.e. native distro packages) is patched, your flatpaks' security is in the hands of those individual maintainers. Spoiler alert: they update their stuff WAY less frequently, if at all. The user is in the belief that "my system is up to date", but really, it's not in the slightest.

Doesn't Flatpak provide sort-of components for such libraries, so the packager can choose whether to include the libraries within his app as you said, or just link the Flatpak component, just like Docker images can either be completely standalone or based upon an existing one? So, if the packager chooses the latter approach, isn't it not much different from the distribution's repository?

Anyway, I use Flatpak for quickly testing an app. If the app is in the official repository, I use that. If not, and it is in AUR, I would choose Flatpak, because AUR could take tens of minutes to build. For example, I used to use GIMP 2.99 in AUR, but that took a very long time to build. Then I discovered I could install it instantly through Flatpak. Sure, it may take more disk space and RAM, but there always are trade-offs in life, and I think I can sacrifice disk space/RAM a bit for quicker installation.
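
The question argued in the posts above (apps sharing a runtime versus depending on their own older copy) can be checked on a given machine. The script below is an added example, not part of the thread or of Flatpak itself; it assumes the tab-separated output of `flatpak list --app --columns=application,runtime`, and the sample rows and app IDs are constructed.

```shell
#!/bin/sh
# Added example. Input format: tab-separated output of
#   flatpak list --app --columns=application,runtime
# Sample rows are constructed; app IDs and branches are illustrative.
sample_list() {
    printf '%s\t%s\n' \
        org.example.Editor org.gnome.Platform/x86_64/45 \
        org.example.Viewer org.gnome.Platform/x86_64/45 \
        org.example.Legacy org.gnome.Platform/x86_64/42 \
        org.example.Player org.freedesktop.Platform/x86_64/23.08 \
        org.example.Notes  org.kde.Platform/x86_64/6.6
}

# "count<TAB>runtime ref": how many apps share each runtime copy.
apps_per_runtime() {
    awk -F '\t' 'NF >= 2 { n[$2]++ }
        END { for (r in n) printf "%d\t%s\n", n[r], r }' | sort -k2
}

# "app<TAB>runtime ref" for apps not on the newest installed branch of
# their runtime. Heuristic: an older branch can still be supported, so
# treat the result as a review list, not a verdict.
apps_on_older_branch() {
    tab=$(printf '\t')
    input=$(cat)
    # Newest branch per runtime ID, using GNU sort's version ordering.
    newest=$(printf '%s\n' "$input" |
        awk -F '\t' 'NF >= 2 { split($2, p, "/"); print p[1] "\t" p[3] }' |
        sort -u -t "$tab" -k1,1 -k2,2V |
        awk -F '\t' '{ top[$1] = $2 }
            END { for (i in top) print i "\t" top[i] }')
    # First section fills the newest-branch map, second is the app list.
    printf '%s\n--\n%s\n' "$newest" "$input" | awk -F '\t' '
        $0 == "--" { body = 1; next }
        !body      { top[$1] = $2; next }
        NF >= 2    { split($2, p, "/")
                     if (p[3] != top[p[1]]) print $1 "\t" $2 }'
}

# Real use:
#   flatpak list --app --columns=application,runtime | apps_on_older_branch
if [ "${1:-}" = "--demo" ]; then
    sample_list | apps_per_runtime
    sample_list | apps_on_older_branch
fi
```

This only covers the shared runtime each app declares; libraries a packager bundled inside the app itself do not appear in this listing.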
 
Flatpak is a horrible answer to a very legitimate problem. I mean when you have several NVIDIA drivers (!) installed on your system as flatpaks, BESIDES your natively installed driver, you know something's seriously f*cked up.

Flatpak is like static linking. Which we already established to suck horribly, like 20 years ago.

https://akkadia.org/drepper/no_static_linking.html

Or I could mention the first big GDI+ vulnerabilities. Which MS obviously patched via Windows Update, but a big number of "clever" app developers just decided to ship their own (old) copy with their software...

If each app has its own hardcoded dependencies and their versions, that means eventually you end up installing multiple versions of several core libraries. A lot of wasted disk space, system memory, and network bandwidth.

But that's the least of our problems. The real problem is that these libs often get those tasty 0day vulnerabilities. Which distro maintainers prudently patch - the random flatpak packager? Not so much. So even though your "system" (i.e. native distro packages) is patched, your flatpaks' security is in the hands of those individual maintainers. Spoiler alert: they update their stuff WAY less frequently, if at all. The user is in the belief that "my system is up to date", but really, it's not in the slightest.

Linux needs their Win32. A common, stable, well-controlled, robust, well-rounded runtime. LSB tried to do something like that, but guess what, it died off. Linux is inherently incapable of implementing anything close to Win32. Why? Because many of those Linux folks consider it to be their core values. The stable_api_nonsense.txt. The "freedom of choice". Which is a nice way of saying "if I can't accept others' opinions, I'll just do it my own way".

Just look at the sh*tshow systemd caused, and still causes to some degree, among Linux users. Which is beyond comprehension - I couldn't care less about the init process in use. But some people still can't get over the fact that Linux distros, for once, finally agreed on something. They just WANT to differ.

Did I mention that Canonical keeps pushing their own cr@p, snapd? Which is even worse, if you can actually believe that - it doesn't even support user installs. But they're totally invested in that, their IoT stuff is 100% snap-based, so you're doubling down, of course. As with most things Linux.

So yeah, good luck with Flatpak. Can't wait to have all my libs installed 27 times on my system, filled with juicy 0days. Mmm.
Isn't .deb already capable of being that, or am I confusing that with .exes?
 