This leads to a false sense of security. A notable issue I found is if you disallow network access to a flatpak, it can still talk to the portal and tell it to open a link in your browser. This allows it to communicate back to a server through your browser even though you disallowed it. Very terrible.
Security should to be dead easy and difficult to mess up. The countless threads I’ve read on flatpak tell me the communication about flatpak’s actual security has been quite terrible, and so it doesn’t fit this category.
Same. I like it that I can install Librewolf and some other software on Mint from Flathub instead of adding some obscure repositories with commands I don’t even understand.
True, but not in a way that SnapPakImage is going to fix.
What about that isn’t “healty”?
You are basically downloading and saving the signing key of docker to the currently recommended place with appropriate permissions, and adding the docker deb-repository, explicitly stating that it should be signed by that particular key.
If you don’t trust docker, don’t add their repo. By the same logic, the Flathub repo is an “obscure repository” too.
System packages are always light but share the same dependencies with everything else which saves space. However, they don’t have any sandboxing, which makes them less secure than Flatpaks. It’s best to use those for simple programs.
Flatpaks are amazing because each Flatpak is sandboxed with its own dependencies, and if you already have the dependency on your device, it doesn’t download it again but clones it from your device to reduce bandwidth load. Flatpaks are a great fallback when system packages aren’t available because they’re compatible with all Linux distributions and I advise you use them primarily for any program that connects to the Internet as they’re more secure.
I’m not sure what exactly you’re calling unfounded but I did rephrase my statement to be more accurate.
For further info I really suggest this video from The Linux Experiment.
https://tilvids.com/w/7sKzyoAFK28UmhhZJ2B4hA
using apt (nala) and deb, forever. Ban flatpak/snap.
Flatpak is actually a really good solution. Snap is garbage though.
I do a combination of Flatpak for niche 3rd party applications and apt on Debian for standard stuff that everyone wants/needs.
My biggest gripe with flatpak is the fact it isn’t sandboxed properly by default.
I’m not referring to vendor-given privileges. Every flatpak, unless explicitly ran with the –sandbox option, has a hole in the sandbox to communicate with the portal. Even if you try to use flatseal to disallow it, it will still be silently allowed.
This leads to a false sense of security. A notable issue I found is if you disallow network access to a flatpak, it can still talk to the portal and tell it to open a link in your browser. This allows it to communicate back to a server through your browser even though you disallowed it. Very terrible.
Security should to be dead easy and difficult to mess up. The countless threads I’ve read on flatpak tell me the communication about flatpak’s actual security has been quite terrible, and so it doesn’t fit this category.
Same. I like it that I can install Librewolf and some other software on Mint from Flathub instead of adding some obscure repositories with commands I don’t even understand.
Like with docker, this isn’t healthy:
# Add Docker's official GPG key: sudo apt-get update sudo apt-get install ca-certificates curl sudo install -m 0755 -d /etc/apt/keyrings sudo curl -fsSL https://download.docker.com/linux/ubuntu/gpg -o /etc/apt/keyrings/docker.asc sudo chmod a+r /etc/apt/keyrings/docker.asc # Add the repository to Apt sources: echo \ "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu \ $(. /etc/os-release && echo "${UBUNTU_CODENAME:-$VERSION_CODENAME}") stable" | \ sudo tee /etc/apt/sources.list.d/docker.list > /dev/null sudo apt-get updateSource: https://docs.docker.com/engine/install/ubuntu/
You may want to learn the commands and review the repos.
True, but not in a way that SnapPakImage is going to fix.
What about that isn’t “healty”?
You are basically downloading and saving the signing key of docker to the currently recommended place with appropriate permissions, and adding the docker deb-repository, explicitly stating that it should be signed by that particular key.
If you don’t trust docker, don’t add their repo. By the same logic, the Flathub repo is an “obscure repository” too.
System packages are always light but share the same dependencies with everything else which saves space. However, they don’t have any sandboxing, which makes them less secure than Flatpaks. It’s best to use those for simple programs.
Flatpaks are amazing because each Flatpak is sandboxed with its own dependencies, and if you already have the dependency on your device, it doesn’t download it again but clones it from your device to reduce bandwidth load. Flatpaks are a great fallback when system packages aren’t available because they’re compatible with all Linux distributions and I advise you use them primarily for any program that connects to the Internet as they’re more secure.
Snaps are worse Flatpaks lmao
Absolutely unfounded.
I’m not sure what exactly you’re calling unfounded but I did rephrase my statement to be more accurate. For further info I really suggest this video from The Linux Experiment. https://tilvids.com/w/7sKzyoAFK28UmhhZJ2B4hA