The Future of Flatpak
271 comments
·May 22, 2025ndiddy
bigfatkitten
Red Hat has since walked some of this back. Firefox and Thunderbird were supposed to go Flatpak only for RHEL 10, but they eventually shipped rpms for GA.
Seems there were a myriad of causes for this including lack of Native Messaging, no ability to deploy policies centrally, and broken integrations with various other parts of the desktop ecosystem.
ndiddy
They walked back Firefox and Thunderbird, but Evolution, LibreOffice, GIMP, Inkscape, and Totem have all been dropped. Red Hat no longer packages an office suite, a raster image editor, a vector image editor, or a media player for RHEL. This means that even people using RHEL as a development workstation or something will have to download software from Flathub if they don't want to use a second computer for all their general office tasks.
bigfatkitten
Desktop is not a large market for Red Hat. Even their employees mostly use Fedora.
The only place I really see RHEL workstations is in special purpose applications, and in most of those the users either have a separate Windows box, or they Citrix/RDP into the corporate Windows environment to do normal office productivity things anyway.
mbreese
Given the target of RHEL, I can’t say that I disagree with their decision to not package those applications for RHEL 10. RHEL isn’t really designed to be a user desktop. Ever since RH split out workstation and server versions of the OS, RHEL has always been targeted for servers. I don’t think the lack of an office suite will really be that impactful towards users.
This is just made all the more true if there is an alternative source for these tools, like Flathub.
OsrsNeedsf2P
This one hits close for me.
Flatpak is probably the best way to distribute desktop apps on Linux. I say this as an app dev, a packager, and a user. At one point I maintained close to a dozen packages.
I eagerly waited for months to see what they would do next - what magical features they would introduce. I was active on the forums helping other users package apps, helped review Flathub submissions (since it was always the same problems each time), and started checking out what PRs were happening. Silence.
The months turned into years, and as more years came, I slowly fell away from engaging with Flatpak. I'm back to using the AUR for most things (Arch, btw), but I'm quite sad to hear the situation get spelt out. Flatpak really was revolutionary; bringing modern apps and painless distribution to all desktops - LTS or rolling release. But it hasn't really changed at all since it first took off years ago.
MindSpunk
I have almost never had a good experience with Flatpaks as a user, outside of ease of installation. They almost never integrate with the system properly. Wrong theme, wrong cursors, wrong file picker, permission issues, drag-and-drop issues. You often need extra tools that broaden the permissions of apps post-install because some feature won't work (global push-to-talk in Discord is always fun, especially with Wayland).
I couldn't care less about sandboxing if the UX sucks as a result.
If binary portability wasn't such a complete joke on Linux we wouldn't need Flatpak, but here we are.
archargelod
I find Appimage to be better alternative to Flatpak: no install, persistent through linux installations, no issues with themes, icons, Xorg config; in practice - take fraction of flatpak storage size, optional sandboxing with external tools like firejail, easier to run from terminal / dmenu / rofi, very easy to tinker with and fix.
There's just one problem: they don't integrate with desktop without an additional application. We need a feature where dropping an AppImage into "~/.local/share/applications" would automatically detect it as a ".desktop" file and make it appear in the DE menus.
ChocolateGod
> There's just one problem: they don't integrate with desktop without an additional application
Their biggest problem is that they're not actually truly portable between distributions. They're a gamble of what they're compiled and bundled against, and it's possible for two distributions to not have binary compatibility with each other due to user space differences (different versions, compile flags etc). The kernel developers may not break userspace between updates, but userspace developers certainly have no qualms about breaking userspace.
When you head out of Ubuntu/Debian where developers often build AppImages on (because Linux is a neglected platform and when they think Linux they think Ubuntu), they often fail to run or have errors (e.g. on Fedora). There's more problems such as the terrible practice of encouraging people to set the execute flag on binaries they download off the web.
Flatpak avoids the dependency problem entirely because it's uses runtimes and namespace to ensure reproducible and stable runtime environments.
krisgenre
For desktop integration you can use Gear Lever https://github.com/mijorus/gearlever. It can also update AppImages with some configuration changes.
kalaksi
I disagree. Flatpak pros:
- installing: easy to locate, install and has centralized management for updates.
- flatpaks are also persistent. User-installs are in the home dir.
- sandboxing built-in.
Can't comment on other stuff. Haven't had issues.
padraic7a
on Ubuntu you can integrate Appimages with AppImageLauncher.
https://www.omgubuntu.co.uk/2022/10/appimagelauncher-install...
_flux
I've found AppImages less universally functioning, though. Some segfault on start or have some other weird problems later, while presumably they work great on the author's system.
They seem to work on my current systems, though, and I use a few, but flatpak has always worked on any system, and I expect it has higher chance of working as it delivers more of the system.
lproven
> I find Appimage to be better alternative to Flatpak
Me too.
But there is a "bigger picture" view of this which I think is important and relevant:
• AppImage encapsulates apps' requirements using the app bundle format from the ROX desktop: https://rox.sourceforge.net/desktop/
• ROX borrowed the idea of app bundles from Acorn's RISC OS, which is still around and is FOSS now: https://www.riscosopen.org/content/
• The RISC OS desktop treats folders whose names begin with a pling (`!`, an exclamation mark) specially. It expects a structure inside with an icon, a launcher script, etc.
• RISC OS also had an "icon bar", a forerunner of the Windows taskbar
• One of the Acorn engineers who worked on RISC OS was head-hunted to NeXT Computer in California. He took his Archimedes with him.
Source: an interview I arranged: https://www.theregister.com/2022/06/23/how_risc_os_happened/
• About a year later, Steve Jobs demonstrated NeXTstep 0.8 with a Dock
• NeXTstep also has app bundles, demarked by a folder called $NAME.app instead of !$NAME
This is a pervasive and influential idea. It's how macOS apps work and that can be traced to RISC OS.
NeXT style bundles are available and work on Linux if you have GNUstep. There are 2 extant GNUstep desktops:
https://onflapp.github.io/gs-desktop/index.html
https://github.com/trunkmaster/nextspace
But there is a distro which takes this idea much further and packages the _entire Linux OS_ in app-bundle directories:
I think the makers of Flatpak, Nix, Guix, and Spack -- https://spack.io/ -- all really ought to take a deep look at ROX, AppImage, and GoboLinux.
What all of these do can be done better, in a more human-readable way, if you throw away ancient UNIX assumptions about filesystem directory hierarchies.
This was mostly not designed and was in historical fact accidental anyway:
https://lists.busybox.net/pipermail/busybox/2010-December/07...
Gigachad
Flatpak does have answers for this stuff but it's more the programs inside them aren't utilizing the right APIs, they are meant to use the portals api for filepickers which would use the system filepicker and securely portal stuff through the sandboxing. But many apps just don't.
Theme is also an odd one. GUI design in general has shifted away from an OS theme and more towards an app/product theme which stays consistent between the product on different platforms. Discord for example looks largely the same on Linux, Windows, iOS, and web.
MindSpunk
Even for apps that don't use one of the native toolkits like GTK or Qt, where this has been a solved problem for decades, they should at least respond to a dark/light mode flag if they can. Flatpaks mostly don't.
They don't even have the same cursor as the system a lot of the time. It's especially cool when running display scaling when some apps shrink the cursor to a minuscule size too because of poor system integration.
_flux
I believe it doesn't work for me to open a directory of HTML files in Firefox: it just opens one file, and that's it, so style sheets and links are missed.
I've worked around by running a local web server for that content, but I'd rather if it just worked. The problem is also in some apps that open web browser for their documentation by invoking them directly.
vrighter
If the apps inside need to be specifically coded for it, then why is it "marketed" as a way to sandbox currently existing apps?
s_ting765
To make the best out of flatpak, it's best to think of it as a new sandboxed distribution that lives on your host system. E.g You could check if a specific theme is installable as a flatpak application.
Flatpaks are not perfect and I have my gripes with flatpak but the only alternative is Ubuntu's snaps.
qwertox
Ubuntu's Snaps depend heavily on AppArmor which is not present in many of the other top-tier distros which use SELinux, so it's not an alternative.
preisschild
Many of the problems you mentioned are already resolved though.
For example "global push-to-talk in Discord is always fun, especially with Wayland" was solved by using the [Global Shortcuts Portal](https://flatpak.github.io/xdg-desktop-portal/docs/doc-org.fr...).
Most desktop environments / window managers support that portal and stuff like Electron does too, so for example with Slack (installed over Flatpak) in can now toggle mute even If i dont focus Slack.
tmountain
STEAM on Fedora requires a bunch of incantations on the CLI to get controller support working after Flatpak installation. This pretty much solidifies its flaws as a format. "Table stakes" apps should just work.
alkonaut
Why do these things not work properly when apps are flatpaks? e.g. if an app tries to query the environment and ask "what's the theme", how would it get a different answer when run from a flatpak?
thyristan
Different answers for different problems, but basically two reasons.
First, library/software/data versions inside the flatpak can and will be different from the ones outside. So a flatpak might as "what is the current Qt5 theme", and get the answer "don't know about Qt5, but the Qt6 theme is cute-cats-qt6" which it cannot interpret. Things like themes might not even be available inside the flatpak, so even if the answer were parseable, cute-cats-qt6 might just not be available on the inside.
Second, flatpaks are sandboxed, so things will be filtered. This means that a query might not get through, an answer might not get through, both might be altered. Or maybe an answer might be useless because "you can get the theme at /usr/share/themes/cute-cats-qt6" points to a path that the flatpak is not allowed to access.
afiori
I don't actually know but I guess the issue is that the theme/gui libraries are sandboxed too
Haemm0r
You don't need Flatpak at all to have these kind of usability issues, it is deeper than that: For example, if you mount a samba share in the Linux Mint Cinnamon file explorer it is just good to use it from there. Accessing files from the mounted share from "external" apps is a pita (shares are mounted to some obscure path(permission issues), the apps filepickers never have the information that a share was mounted, etc.). If you want usesful access to a samba share you have to mount it via terminal; This way at least the path to the share is short.
skydhash
I think that because a lot of gtk apps use gvfs[0]. And most kde apps use kio[1]. But if you want files access through the standard syscall. You have to use the standard mount program or fuse.
INTPenis
That's not UX though, it's more theming. If themes affect your UX then there is no pleasing you.
True enough I'm happy with flatpak but I never stray from the default GTK themes.
I was unhappy with flatpak until I found Flatseal, now I include it on all my workstation setups.
But I can't help you with the theming unfortunately, I think that's a sore point for a lot of users that like customizing their Linux DE.
WD-42
I feel the same. Like a few years ago Fedora + GNOME + Flatpak was the magic sauce. Not so much anymore. I’m back to Arch as well, which seems as if its package repositories have only grown. The AUR is there but I’m shocked how little I need from it.
medstrom
Question, since you maintained many packages:
> I'm back to using the AUR for most
Have you tried makedeb then as a second channel? https://www.makedeb.org/ It uses PKGBUILDs, so pretty easy to translate. It seems so well-placed to help packagers I'm not sure why it isn't heard of more.
amluto
In case anyone ever seriously contemplates a new design, here's an anecdote:
Quite a few years ago, when Flatpak was a brand new project, I met some of the original developers. I tried, and failed, to convince them to change one particular fundamental part of the design. In the original design, and today, an installed Flatpak has a name, the permissions are bound to that name, you run that Flatpak and it has its assigned permissions, and, if anything else talks to it, it talks to it by that name. If I install a VSCode Flatpak as my UID and grant it access to my Documents directory, then VSCode, running as me, has access to Documents.
I argued that this was the wrong design. If I install VSCode as me, then there should be an installed copy, and that should have approximately no significance. If I run VSCode, then the running instance should have some id (possibly ephemeral), and that instance should have a set of permissions. If I want to run VSCode with access to ~/project_a and another instance with access to ~/project_b, it should just work and the instances should not be able to access each other's data, even if they're running at the same time. If I want to run two Tailscales, it should work. If I want to fire up an ephemeral instance of Firefox, that should work, too.
However many years later, I still think I was right. Flatpak gets this wrong, MS and Apple's App Stores get this wrong, Mac OS gets this (very very) wrong, etc. There's plenty of opportunity to do better.
(This is important from a bug-mitigation perspective: a LibreOffice document that achieves RCE should not be able to access my other documents. It's also important frmo a vendor-doesn't-care-at-all perspective: VScode has basically no security to begin with, and VSCode inside Flatpak ought to have a degree of real security courtesy of Flatpak.)
ptsneves
Rant ahead.
I really dislike these towers of complexity in the name of security. A PC is a general purpose device and it is mine. I don't need to have permissions per each instance, i don't want sandboxes that cannot share files with other applications and I don't want the concept of everything is a file to go away in my PC. My PC is not a single window device, nor do I run a server facing the internet. Please model the threats and adjust security with usability accordingly.
I have a reason for this: Thunderbird and firefox on Ubuntu now do not have access to the /tmp directory and instead have their own directories in some unconventional place. When i want to do something as simple as save an attachment in thunderbird and open it in another program I cannot have done to /tmp and need to put it in some permanent storage. But it gets worse due to the sandboxing. Now thunderbird cannot also show me viewer applications because it is sandboxed and does have the means to suggest other installed applications.
The computer stops being mine so it becomes the playground of architecture astronauts that think usability of said programs are always less important than security. To those people I would like them to tinker on the most secure devices in the planet [1] so they would not intrude on people trying to get things done.
amluto
The whole “server facing the Internet” attack model is real, but it’s rather out of date. Especially if you’re a programmer, the software on your machine is likely to try to attack you.
In any case, the right solution for saving files from Thunderbird has been known for years: “portals” or whatever a particular sandbox system calls it. The sandboxed code in Thunderbird asks more privileged code to pop up a file chooser, and Thunderbird gets to save the chosen file. Zero friction and excellent security. Sadly, no one has gotten the whole ecosystem to play along. Android has supported this for years and app developers complain and refuse to use the correct API. iOS apps barely support files. I think Flatpak can do this, but almost no one does it.
ptsneves
Thanks for answering.
The threat model for a programmer is likely much more complicated than for a regular user, but not related to sandboxing.
Regarding the "server facing the internet is real", I am not sure I get your point. Could you elaborate?
The point you make about portals and how the support exists but neither Flatpack/IOS or Android ecosystems get it right is very revealing: when nobody gets it right then it likely means the design is broken. Even Fuscia failed and it was an OS built from scratch to focus on userspace isolation and contracts for IPC and syscall.
Anyway it is very unfair to the users when designs supplant existing ones breaking things that used to work. Again we are talking about very basic computer usage patterns that have existed for several decades.
yencabulator
> I think Flatpak can do this, but almost no one does it.
Flatpak can do it poorly. What I see is opening a file for read once gives the sandboxed app write access to that path name forever.
soulofmischief
That is the problem, though. It was never yours. It belonged to app developers, some of them potentially nefarious. When you have thousands of packages supporting your desktop environment, the only sane security model is to treat everything like a threat, and make permissions opt-in, not opt-out. X for example just lets every program spy on your keyboard input, sample memory /framebuffers, etc.
In the end, when it comes to security, the average user doesn't know best and should let the people who do design the systems. This is why we have seatbelt and child endangerment laws.
seba_dos1
> That is the problem, though. It was never yours. It belonged to app developers, some of them potentially nefarious.
But it has been mine for decades and nefarious developers somehow weren't a real issue in my distro's repositories for this whole time. It's a self-inflicted problem.
thyristan
You are right, but actually I think you would want to go beyond that and build a hybrid of your approach and their approach:
For your documents, you will usually want your approach. Maybe with some optinal allowance for useful things like a "recently used documents" menu or something.
But for more enviromental things, I would want at least the option of allowing all instances the same access without a lot of permission prompts later on. E.g. my git config, my fonts folder, my code snippets library, stuff like that.
hshdhdhj4444
You may be right. And it’s even possible that the flatpak developers believed you were right.
And it mah still not have been the right decision because when it comes to products like Flatpak there are a lot of considerations beyond just what the best technically correct choice is.
For example, based only on your comment, basically every other OS does it the same way Flatpak does it. So if the Flatpak developers had done it the technically correct way like you suggested, it may have been enough of a burden for app developers, especially multiplatform app decelopers, that they wouldn’t have used Flatpak in the first place.
freeopinion
By this argument, Flatpak should not exist at all. If it does anything differently that is bad and if it doesn't do anything differently, why exist?
dartharva
Mildly OT but I have longed for this kind of app portability in Android too. Some OEMs like Xiaomi apparently took note a few years back, offering inbuilt app "duplication" features in their OS's but only for a few popular apps like WhatsApp.
zzo38computer
Yes, that would be better, for specific instances of the running program to have a set of permissions instead. However, I think this is not the only issue.
It is what I had wanted too, not only you.
I think that the entire operating system should need to be redesigned for many reasons (I mentioned before how to design a better one), and it would have that effect, that specific instances of a running program would be given capabilities as arguments (or through other capabilities, but the first ones must be given as arguments), and these capabilities can have restricted permissions, as well as more versatile things e.g. to log access, or to go through a proxy, or to set a disk quota, etc.
eduction
Even if you’re right about how software packages should work (I tend to agree), whether Flatpak should take on enforcing this model is a whole other question.
As far as I know, older packaging systems like dnf/yum and apt allow what Flatpak allows.
Maybe the developers just wanted to focus on being a good packaging system, which as we’re seeing is a hard enough job, and not on changing the permission model of packaging systems. Seems reasonable?
creatonez
I do think this would be good for power users who want strict isolation between different instances of apps (and I'd also love to see better QubesOS type approaches, using a hypervisor), but perhaps most of this kind of work should be prioritized inside the application itself, using nested sandboxing. That way, the barriers are exactly where the user expects them to be based on the normal behavior of the application. Assuming vulnerabilities in the code that glues it all together don't get explosive, of course.
Web browsers do already use a variety of sandboxing techniques to achieve separation between tabs. Some of these techniques work inside Flatpak, but some of them are broken by Flatpak:
> Ideally, Flatpak would simply support nested namespacing and nested sandboxes, but currently it does not. Flatpak uses seccomp to prevent applications in a sandbox from having direct access to user namespaces.
Some of them are replaced by Flatpak, for application developers that wish to use the APIs:
> What Flatpak does instead, currently, is to have a kind of side sandbox that applications can call to and spawn another Flatpak instance that can be restricted even further
Fortunately, it seems Wick is optimistic about UID namespacing, the main thing stopping Firefox and Chrome from fixing this:
> Wick feels that user namespaces are, nowadays, a well-tested and a much-used interface. He does not think that there is much of a good argument against user namespaces anymore.
Back to the topic of instanced Flatpaks, as I understand one snag is that there is a long-term desire (by app stores/platforms in general) for a full boot-to-userspace code-signing setup to be tied into the sandboxing. The identity of each application should remain the same (unless specifically overridden by a power user) so that a fake version of an application can't adopt an existing application's confidential encrypted files if it doesn't meet the codesigning requirements. I guess one solution here would be for the segregated instances to be nested inside the application's identity, but that's getting quite complex. And we don't even have encryption nor any functioning secure boot + confidential computing implementation yet -- all we really have so far on this front is the reverse domain name notation being verified by Flathub, with filesystem access sandboxing to keep these folders separate.
boudin
I might have misunderstood this part, isn't that the role of the xdg-portal which gives ephemeral access to whatever gives access to to the instance?
nycticorax
I don't agree with him 100%, but I always find Drew DeVault to be thoughtful on this topic:
https://news.ycombinator.com/item?id=32936114
https://drewdevault.com/2021/09/27/Let-distros-do-their-job....
Basically, he argues that application distribution outside of the distro (a la flatpak, snap, appimage) is just a bad model. The right model is the one distros have been using for years: You get software through the distro's package manager, and that software is packaged by people working on behalf of the distro. As he says: "Software distributions are often volunteer-run and represent the interests of the users; in a sense they are a kind of union of users."
The other issue, of course, is that in practice flatpaks/snaps/appimages never seem to 100% work as well as distro packages do.
jillesvangurp
I disagree with that. IMHO the best possible people to create a package for an application are the original developers of that software. If that software is proprietary, that also happens to be the only party that can legally do that anyway. Because it typically requires access to the source code and software redistribution requires permission.
So, the model you mention only works for open source packages. And I would argue that even in the case an app is 100% open source it's a bad idea for somebody not affiliated with the core development team to be second guessing a lot of things about that application.
It results in a lot of issues that aren't necessary. Like needless lag between developers releasing new software and some third party doing whatever uninvited tweaks they think are necessary, or adding their own bugs and new issues.
It's why I always install Firefox in tar ball form straight from Mozilla for example. It updates itself as soon as developers OK some patch. This happens a lot and mostly for security and stability reasons. I want those patches when they release them. The things external distribution maintainers do are redundant. I trust Mozilla to do the right thing and be the most clued in about any issues regarding their own software. With proprietary stuff, I just want stuff to run with a minimum of hassle.
Flatpak is trying to do too many things. It's trying to emulate an appstore. I don't necessarily like app stores. They are gate keepers. What do developers on Windows and Apple do? They put binaries on their own website. You download them. You install them. And then they run. Downloaded apps have the same rights as apps provided via app stores. The app stores don't repackage the app, they merely distribute them. It's an add on service. An optional extra. All the essentials that provide security are baked into the OS and the application package. There are a few mechanisms that windows and mac provide to make things secure. Binaries are signed, the OS has a permission model for things that need that (screen sharing, directory access to certain things, using the webcam, etc). That's the right model. That could work for Linux as well. It shouldn't require taking control of distribution or packaging by some third party.
boudin
Flatpak is more of a set of tools and framework. I wouldn't consider it as a store but a distribution system. Flathub is a repository, Fedora has its own repository and anybody can creates its own repo (I wouldn't call it store as there is no concept of monetisation).
I wouldn't consider flatpak as a gatekeeper as there is no "team" going through some arbitrary process to allow/disallow an app.
I also disagree with the fact that macos and windows did the right thing, what I found in my experience managing laptops in a company that is roughly 1/3 windows, 1/3 linux, 1/3 macos is that: - What windows is teaching users is to download random stuff and bypass the warning screens if something is not signed. Unless there is a company policy and a third party software to update what is installed, by default things installed are a mix of up to date and not update to date software. - Macos user do not install operating system and software updates unless a third party software is installed and force them too - Linux users have things up to date, only distribution version updates (e.g. fedora 41 to fedora 42) are inconsistent.
So my take is that, even if things on not perfect with flatpak, rpm/dnf, fwupdmgr and package manager, this is much better than having to pay for third party tools in macos and windows because of the lack of a good way to distribute and maintain apps at the operating system level.
jillesvangurp
Only fedora can put stuff in their flatpak repository presumably. That makes them a gatekeeper. Why is a repository needed? If it was the same, Mozilla would be able to put a flatpak file for Firefox on their website and it would be the preferred way to install Firefox.
Of course everybody (including Mozilla) can create their own repository and then you can install from any repository you like. But how is that different than just downloading whatever and installing that? And that's more of a hypothetical. Mozilla doesn't do that and doing such things is not common.
What Apple and MS enforce via signatures is that what you install and run was produced by somebody with a valid certificate that passed their screening.
The problem flatpak hasn't solved is that the likes of Mozilla still have no good way to distribute the most recent version of their application to all Linux users. So they put a tar ball on their website instead.
lucas_membrane
I think that you are right about not depending on one open source OS to provide the proper depencencies, customizaion, and training wheels for every app. I have been running linux on my desktop for about 20 years, about one decade of Mint followed by the same of Fedora so far. Being a curious but fussy guy who installs lots of software to see what works, I find that I need to install a fresh OS about every 18 to 24 months.
There are, I suppose, always a few programs that don't get upated by 'sudo dnf update' but do get bothered by updates to the shared libraries via the same. Perhaps there are some config files that get damaged by software bugs or power outages or system crashes or my own mistakes and carelessness. I also found out that if one loses the dnf program, one will discover just how impossible it is to pull oneself up by oneself's bootstraps.
Mint was a very similar situation. Maybe not so bad for one who follows all the rules, but in those bygone days there were people suggesting that updating Mint programs with newer versions fron the ubuntu or debian repos was a good idea. And because Mint was slow to get updates, I would attempt to update some apps by downloading source and building and installing here.
Last year, when I upgraded Fedora from 39 to 41, was the first time I got any OS upgrade to work instead of wiping the disk, doing a fresh install of the new OS version, and then spending a week or month trying to get my data for the installed apps (eg web browser and email) from backups. But the upgrade took much longer than it should have, because once I started running the upgrade process, I did not know that the computer sitting there dead silent with no action on the screen for about 30 hours was a sign that all was going well. Computers are evil.
Vilian
You van havê other repos in flatpak than flathub, so in theory the devs can package their app on their repo and tell the user to install it
sbt
The problem is that now you have to package for N distros. And the people who run the distro may not want to spend time on it, so you have to do it yourself.
Arnavion
It doesn't have to be gated by "the people who run the distro". I started packaging a few pieces of software for a distro I use because I wanted to use that software, and I don't "run" the distros in any capacity. Package maintainers aren't born that way, they become that way by volunteering, just like most everything in Linux.
If you don't have even one user willing to do that for the distro they use, you probably weren't going to have users on that distro anyway.
troyvit
> Package maintainers aren't born that way, they become that way by volunteering, just like most everything in Linux.
I feel like there's a constant tug of war on this issue. If you leave it up to app developers then they have to package their app for N distros. If you leave it up to the distro maintainers then they have to compile N apps for their distro. I don't envy either group given how different distros are and how varied apps are in quality, methodology, etc.
I look at Podman. In my opinion it could be (could have been?) a huge disruptor, but its RedHat (or Fedora or CentOS or whatever the hell those guys do now) versions are way higher than versions for other distributions, which creates for me (just a home user) an interoperability problem between all my different Linux boxes. RedHat if anybody has the resources to fix this but I guess they'd rather try to use it as a way to force adoption of their distro? I don't even know.
Both the apps and the distros are volunteer-heavy. App packaging is a big job for either side. I'm still hopeful that Flatpak can help that job
Ferret7446
That's a massive waste of resources and time.
If you are unwilling to use tools like Flatpak, then that limits what distros you can make. e.g., in a world without Flatpak, only distros with X users can exist. In a world with Flatpak, distros with X/10 users can exist.
Another way to think about it: if you want to make/use your own distro, then using Flatpak will cut down the amount of work you have to do by some large multiple. You're free to not use it, just like you're free to install custom electrical sockets in your house and make custom adaptors for every single appliance you buy.
Standardization/centralization exists for a reason.
palata
You're saying the exact opposite of the original point, which is: you should not package for distros, distros should package for themselves. You just distribute your sources.
You are a good candidate to package for your distro, so there's that. And then for a random distro, if nobody feels like packaging for it, then it's just not there. Either there is not enough interest in your project, or there is not enough interest in the distro itself.
curt15
> distros should package for themselves. You just distribute your sources.
Is Devault basically saying that the application developer should just throw their source code over the wall and hope that other parties notice and figure out how to build it correctly? I would find that model of software distribution unsatisfying as a developer because merely distributing a source tarball and leaving the rest to middlemen makes it difficult for me to predict how my users will experience the final product. Even if my product is fully open source and free to fork, it's my reputation on the line when things don't work as intended. I would prefer to establish a more direct relationship with my users; to personally build and test my software in all environments that I support; and to hear directly from users whenever they experience problems.
troupo
> distros should package for themselves. You just distribute your sources.
That's how you ended up with Erlang being split into 20+ packages on Ubuntu/Debian in the past. Because it was packaged by people who know little about erlang, and had too much time on their hands probably.
And that is the main issue: you want distro maintainers to compile and package every single pieces of software under the sun, but they can't possibly know every piece of software, how it works, or how it's supposed to work. Times that by the number of distros.
arunkant
Application developer should be able to package and distribute the app. See how easy it is for casual user to download and install any application on windows. Maintainers cannot scale and depending on them will just hold back Desktop Linux
LtWorf
The best thing about unvetted app stores is that anyone can publish software!
The worst thing about unvetted app stores it that anyone can publish software!
ndiddy
Flathub is not unvetted. Every submission goes through human review. If a piece of software requires an unnecessary permission (i.e. if someone submits an alarm clock program that requires home folder access and internet access), it will get rejected. If a developer updates their software and changes the required permissions, the update won't get pushed to users until it goes through human review.
Besides this, for open source packages, the code gets built on Flathub's build servers without internet access. The source code associated with a given Flathub package version must be either a specific Git commit (verified with a commit hash) or a release tarball (verified with a sha256 hash). This means that it's always possible to verify that the code a developer publishes corresponds to the binaries being shipped to users. Closed source packages get a big warning on their Flathub pages saying that the program's code is proprietary and not auditable.
With the traditional distro packaging model, the requirements to become a maintainer are stringent and there's human review when a package is added, but there's typically no review after that point. If you'd like a recent example of the drawbacks of this system, see here: https://security.opensuse.org/2025/05/07/deepin-desktop-remo... . After the OpenSUSE security team rejected certain components of the Deepin DE for containing major security problems (including multiple root privilege escalation vulnerabilities), the Deepin maintainer smuggled them in anyway through an innocuous looking package called "deepin-feature-enable" and nobody in the security team noticed for several years. I'm not trying to call out the OpenSUSE security team here, I'm sure they don't have the resources to vet random packages. I'm saying that expecting maintainers to never ship malicious code because they went through the process to become a maintainer is a weakness of the traditional distro packaging model.
tempaccount420
Distro package maintainers are not security researchers, they don't audit the code they maintain.
poulpy123
> that software is packaged by people working on behalf of the distro.
It is totally unreasonable to expect distros to be able to package every software in the world
s_ting765
I'm glad flaptaks are getting more adoption. Application distribution needs to move from distributions because they suck at it. Due to no fault of their own. Developers should have the option to distribute their apps without middlemen.
pjerem
In fact I’d say they are perfect for distributions to be more stable. E.g. : my issue with Debian have always been that you couldn’t (easily, I know backports existed) have stable system AND fresh software. With Flatpack, you can.
Now I can run my latest user softwares on a stable distribution. That’s pretty cool.
There are still issues of UX. Especially when the app you are using doesn’t have enough permissions to do the job, you have no information about it and when you guess it by yourself, changing this is hard.
I’d expect that Flatpack should allow apps to specifically ask for permissions in real time or when they try to access external resources like in macOS : just expose the APIs but make them wait for user approval.
fc417fc802
> Now I can run my latest user softwares on a stable distribution. That’s pretty cool.
I'm at a bit of a loss. Isn't the entire point of a stable distribution _not_ having cutting edge userspace? It's an inherently double edged sword.
If you just wanted to mix and match you were always able to run (for example) a debian testing chroot under debian stable. Something like Nix is the more extreme version of that. The point of something like Flatpak then is either sandboxing or the distribution model (ie getting software from the original author).
binkHN
Nice breakdown. I'm new to Linux and didn't know about this:
> Flatpak still uses PulseAudio even if a host system uses PipeWire. The problem with that is that PulseAudio bundles together access to speakers and microphones—you can have access to both, or neither, but not just one. So if an application has access to play sound, it also has access to capture audio
That's a pretty decent sized hole.
gjsman-1000
I sometimes see Linux users sneering at Windows and Mac design mistakes or lack of “freedom”… but then there’s stuff like this.
Of course, Linux is then conveniently redefined in a way that nobody can be responsible, with finger pointing on every issue, rather than admit design flaws like this plague Linux as a whole.
bee_rider
I get that you already preempted this, but: Flatpack is a weird extra layer on top of Linux. Most distros have package managers that work just fine. These package managers predate Flatpack and basically are the main thing that the distro provides (other than the community, of course).
CJefferson
But those are even worse from this point of view, I have no control over which apps can access my camera, or microphone.
I'm personally disappointed that sandboxing isn't easier in Linux. I hoped it would move past Windows and Mac, imagine a world where the majority of libraries are sandboxed too, we only let compression and decompression libraries read one stream and write to another, this would improve security. This has been done by both Google (in Android) and Apple (in iOS and Mac OS X), but hasn't seen general acceptance in Linux (as far as I can tell).
poulpy123
if they were working fine there would be not need for flatpak
frollogaston
Many Ubuntu or Debian users still use Flatpak, don't they? Even though there's already apt-get.
AlienRobot
>Flatpack is a weird extra layer on top of Linux
My brother in christ, systemd, x11 and even GNU are weird extra layers on top of Linux. Linux is just the kernel. This is exactly what "redefining Linux so it's never responsible for 99% you need to put on top of Linux to have a functional modern OS" is about.
rendaw
How would you do this on Windows?
frollogaston
I wish there were such thing as just "installing Linux" on a computer, and it shows the penguin when you boot up.
andrewmcwatters
There sort of is, but you can't do anything with it, because you essentially have no user space utilities?
For all of the crap that people gave the term "GNU/Linux" it's even more true today considering there are Linux-based operating systems that don't use GNU utilities.
gjsman-1000 talks about "design flaws" in Linux above, but Linux is just the kernel. There is no "Linux" operating system, despite everyone, and even Linus probably? using that term.
If you call booting init and getting a black screen "an operating system," well... that's cool I guess.
I doubt Linus ever talks to the GTK people in any meaningful way, or any other desktop environment authors. So, what design flaws?
Do you call a ladder a badly designed scaffold because it doesn't have a horizontal platform? No, it's just something entirely different all together.
dbolgheroni
I've installed flatpak to install VSCode/Codium to have an usable debugger for a Python project I'm working on. After some time tweaking VSCode/Codium trying to get the debbuger to work, just realized flatpak could be the problem. After another considerable amount of time trying different flatpak permissions, realized this is not a good use of my time. Installed the same packages from snap, and everything worked OK.
bjoli
The emacs flatpak is just a long and painful road leading nowhere.
Ferret7446
Flatpak is far better for applications rather than system tools, e.g., Chrom{e,ium}, due to the sandboxing.
sabslikesobs
I've switched to a flatpak-based immutable distro lately. It's great when it works. But so many niceties don't work, and then it feels like my computer is not really the fantastic tool it should be. For example:
- I had to run around with a distrobox running WINE and a bunch of permissions and kludges to run an external tool for Godot
- I gave up on the flatpak for Firefox because it can't talk to my KeepassDX flatpak
- The Godot and Krita flatpaks are oddly unstable and crash more than they did on Windows (may just be Gnome or something)
- non-flatpak tools like AppImages and .rpms feel pretty dang grungy
I want to see more cool stuff with Flatpak so seeing the state it's in is kind of a bummer.
conradev
The permissions issues are real.
It still isn't possible to package Tailscale or anything that creates a virtual interface as a Flatpak because there is no permission for that. macOS has an API to ask for permissions to add an interface/change routes.
curt15
Thanks to said API, Tailscale on MacOS is even distributed as a sandboxed app through the Mac App Store [1]. Flatpak's restrictions make certain classes of software difficult to use on "atomic" Linux distros like Silverblue or Bluefin that provide a read-only base system and expect users to get their software through Flatpak.
curious_ralts
I daily drive an immutable Fedora spin and if I wanted to install Tailscale I would most likely add it to the base image via `rpm-ostree` instead of trying to reach for Flatpak - not because i'm aware of the issues but because it makes more sense to me to add a more system-wide networking layer to the base image. That being said there are many apps that are not packaged as Flatpaks that I end up adding to the base layer out of necessity which I would have liked to use as Flatpaks.
WD-42
I'm not sure I'd install tailscale as a flatpak even if it were possible. I've always seen flatpak as a way to install large, potentially crappy desktop applications without polluting your system. OBS studio is a perfect example - it's a great app but it's the only one I use that uses QT, thanks to flatpak I don't even have the QT libraries installed on my system.
Tailscale is more like a system service that I'd prefer a distro package for (Arch Linux repos contain Tailscale, btw).
vrighter
You don't have QT libraries installed on your system. You just have then in some archive somewhere along with a bunch of copies of stuff you do already have installed on your system.
porridgeraisin
Why does that matter? Copies of a few libraries is just not a problem.
ChocolateGod
> It still isn't possible to package Tailscale or anything that creates a virtual interface as a Flatpak because there is no permission for that.
It's possible but not ideal. The application could use flatpak-spawn (to get out the sandbox) and then polkit-exec (to ask user for root perms for arbitrary use) to get root privileges on the host, but you're removing nearly all sandboxing.
klabb3
Im not really much of a flatpak user but to me it seems like permission system on top of Linux is an incredible undertaking. Solving both packaging and retrofitting permissions at the same time seems too big of a cookie to swallow. I don’t know whether the permission system is what killed the momentum and caused this seeming burnout. But it seems incredibly complex.
To me, Linux doesn’t have a granular modern permission system, and I don’t expect my package manager to solve it for me. I still run proprietary software on it, because I kind of have to. Is that an ideal situation? No. But I rather have a distribution system and vet vendors (which I’m doing anyway) than wait another decade for permissions to be perfect. Distribution, packaging and updates is the pressing need imo.
wmf
Maybe Tailscale should be a sysext not a Flatpak.
thangalin
Years ago, I wrote an on-screen display (OSD) in Java for showing keypresses and mouse clicks[1]. Someone thought a flatpack would be useful[2]. I didn't see the point. It meant: (a) maintaining two installation processes; (b) collating download stats from two sources; (c) trusting a third-party system to maintain package indexes over time[3]; (d) adding yet another package manager to a system that already has a package manager; and (e) bloating the repo with another repo.
Years later, I still only see drawbacks.
[1]: https://gitlab.com/DaveJarvis/KmCaster
[2]: https://github.com/flathub/com.whitemagicsoftware.kmcaster
[3]: https://flathub.org/apps/search?q=kmcaster - whoops!
rbits
The upsides would be
- Easy use on immutable distros - The user doesn't have to make sure they have the right version of Java installed - Auto-updates even if there is no repo for your specific distro
And also you can find it through searching on Flathub I guess
thangalin
> And also you can find it through searching on Flathub I guess
Did you click the third link I posted, which searches Flathub for KmCaster only to come up dry? This was point (c): You have to trust that their search engine is correct, maintained, and updated. That doesn't come for free, it takes effort, and things go wrong.
Lariscus
This isn't a bug. Kmcaster is unmaintained and has been removed from flathub.
[0] https://flathub.org/apps/com.whitemagicsoftware.kmcaster
preisschild
It comes up as dry because the package is marked as unmaintained
https://flathub.org/apps/com.whitemagicsoftware.kmcaster
https://github.com/flathub/com.whitemagicsoftware.kmcaster/p...
null
sohrob
I'm not an open source maintainer or even a dev, but it seems bonkers to me that with all the numerous distributions out there, all facing the same problem of package management, that they couldn't just refocus their combined efforts toward improving Flatpak and guiding it toward universal adoption.
palata
Maybe one reason why many "distributions" exist is that they don't feel like "distributing" the same way :-).
Diversity is good. I don't want "one distribution" that chooses the init system, distribution, compositor, window manager, etc. I want to have choice.
When it comes to distributing packages, I personally like system package managers. Not such a big fan of flatpak.
LtWorf
Many people disagree on the idea that flatpack is useful at all.
For example it's completely useless to me. Why do you expect me to help on something I don't use?
yencabulator
By that logic, only GNOME is allowed to exist. No thanks. The people in power often make decisions a big chunk of the community disagrees with.
mrbluecoat
I'd choose a single appimage binary any day over flatpak, snap, or containers. It's just so portable and user friendly!
ongytenes
I really dislike Flatpak because the humongous sizes of packages. I noticed that Telegram flatpak was 1.1GB in size and requires 3.6GB of the hard drive, whereas the regular DEB install was 28MB and needs only 82 MB.
And there was no DEB available for Signal in the LinuxMint package manager. It also was a 1.1GB download that required 3.6GB of hard drive. Reason there is no Signal app on my desktop.
> Wick started his talk by saying that it looks like everything is great with the Flatpak project, but if one looks deeper, ""you will notice that it's not being actively developed anymore"". There are people who maintain the code base and fix security issues, for example, but ""bigger changes are not really happening anymore"". He said that there are a bunch of merge requests for new features, but no one feels responsible for reviewing them, and that is kind of problematic.
I think Red Hat should really be stepping up more here, especially since with RHEL 10 they stopped maintaining a ton of desktop packages with the advice for users of those packages being "get the package from Flathub instead of from us" (see https://docs.redhat.com/en/documentation/red_hat_enterprise_... , search for Flathub). If that's Red Hat's attitude towards desktop software, they should be providing the resources to make Flatpak a viable alternative.
> A user's Linux distribution may still be providing an older version of Flatpak that does not have support for --device=input, or whatever new feature that a Flatpak developer may wish to use. Wick said there needs to be a way for applications to use the new permissions by default, but fall back to the older permission models if used on a system with an older version of Flatpak.
I'm glad he brought that up as a problem. I maintain a game on Flathub that has audio and controller support. Because of the limited permissions granularity, that means that the game is displayed as requiring arbitrary device access (--device=input is too new, so the Flathub maintainers don't allow it in packages yet) and being able to listen to your device's microphone (the audio permission doesn't allow only accessing speakers but not microphones). I hope that Flatpak adds backwards compatibility for permissions so newer Flatpak versions can start having more granular permissions.