In a surprise move, Ubuntu developers have agreed to stop shipping Flatpak, preinstalled Flatpak apps, and any plugins needed to install Flatpak apps through a GUI software tool in the default package set across all eight of Ubuntu’s official flavors, as of the upcoming Ubuntu 23.04 release.

    • AgreeableLandscape@lemmy.mlM
      link
      fedilink
      English
      arrow-up
      10
      ·
      2 years ago

      And Snap isn’t? If you think Flatpak is bad how exactly is locking you into an objectively worse universal package manager the solution?

          • Helix 🧬@feddit.deB
            link
            fedilink
            English
            arrow-up
            1
            ·
            2 years ago

            It needs a daemon (lots of wasted resources).

            You have to fiddle around in config files to allow access to files on the system instead of using something like Flatseal.

            It basically only works with a store which is kind of proprietary.

            Own repositories are hard to set up.

            The packaging for software maintainers is harder than Flatpak’s.

      • winnie@lemmy.mlOP
        link
        fedilink
        English
        arrow-up
        2
        arrow-down
        1
        ·
        edit-2
        2 years ago

        @federico3@lemmy.ml, @ParanoidFactoid@beehaw.org

        You misunderstand problem, that Flatpak is solving. Yeah, it’s not ideal way to distribute OSS software, if it already exists in distro’s repositories. But many distros has small repository with outdated software. But FP is great to run proprietary software, as it is able to confine it into sandbox. And untrusted code won’t be able to access your home dir!

        Some benefits can be for OSS software too, as some security bugs can be unintentionally introduced, or perhaps someone would intentionally introduce malicious code to codebase, and it would bypass code review. But mostly for Browsers, which might have remote code execution bugs.

        • federico3@lemmy.ml
          link
          fedilink
          English
          arrow-up
          1
          ·
          2 years ago

          No, you are confusing flatpak with sandboxing. Sandboxing is a good thing. You don’t need flatpak to implement sandboxing. Additionally, good sandboxing has to be configured by trusted 3rd parties, like package maintainers, not by upstream developers, because the latter creates a conflict of interest.

          • Helix 🧬@feddit.deB
            link
            fedilink
            English
            arrow-up
            3
            arrow-down
            1
            ·
            2 years ago

            What solution would you use instead of Flatpak for sandboxing and reducing the workload of maintainers providing packages to many distributions at the same time?

            I’d rather have a maintainer spend time on actually maintaining software instead of packaging it. They can package as AppImage, tarball and Flatpak and I’m happy. You don’t have to use Flatpak, you know? Linux is about choice. I have never used any software which was available exclusively as Flatpak.

            • federico3@lemmy.ml
              link
              fedilink
              English
              arrow-up
              1
              ·
              2 years ago

              You are confusing package maintainers with upstream developers. They are not the same people, and this is by design in most distros, so that maintainers provide a second pairs of eyes, provide security fixes and sometimes remove trackers and similar “features”.

              • Helix 🧬@feddit.deB
                link
                fedilink
                English
                arrow-up
                1
                ·
                edit-2
                2 years ago

                No, I know what a software maintainer is. In many cases, the developers writing the software also provide builds or at least build scripts. So they’re also packaging it.

                You’re obviously correct that the people maintaining packages in distributions don’t have to be, and often are not, the same people who maintain the packaging scripts in upstream repositories.

          • winnie@lemmy.mlOP
            link
            fedilink
            English
            arrow-up
            3
            arrow-down
            1
            ·
            2 years ago

            I understand that sand-boxing can be achieved by other means, and flatpak is using kernel facilities. But this is actually way to make it mainstream, and ease applications packaging. Similar thing to what happens on mobile platforms, like Android and UWP(bruh). So this is actually progress to better and safer desktop. Not perfect yet.

            Most flatpaks don’t require access to root or home fs, so host files are shielded. Only way to access fs is using file access dialogs and Drag’n’Drop(which is broken currntly)

            good sandboxing has to be configured by trusted 3rd parties, like package maintainers, not by upstream developers, because the latter creates a conflict of interest.

            Unfortunately this is true. But you can check defined permissions before installing app. And user would be notified it application after update requires more permissions.

            But I guess flathub maintainers won’t check/review packages, so not ideal.