Appimages, snaps and flatpaks, which one do you prefer and why?
Flatpaks are quickly becoming my favorite. I’ve rarely had issues with App Images, but they are clunky and messy. Flatpaks are where it’s at IMO.
Snaps are pewpy.
I’ve rarely had issues with App Images, but they are clunky and messy.
How so?
You have to use a separate application to manage them, otherwise they act as portable .exe files in windows, just laying around in a folder you have to manually link to or navigate to to run. You have to set them as executable manually otherwise you can’t run them in certain distros, or they force you to click through the prompt. They aren’t listed in the general packages installed on your system.
They are often bulky in size, and depending on the distro and software, sometimes they don’t work properly. And again, without independent management software, they have to be manually updated independently.
They aren’t bad, they just arent as good as other options IMO. I like App Images for random small programs, or some games too, they aren’t a problem. But for large programs I want to use frequently, they are just less convenient.
none of them. I don’t like the idea of putting security updates in the hands of the developers of each individual application I use.
Oh your app only works with an old broken insecure version of the library? Fuck you then, you can’t just decide to install and use the insecure version.
Interesting idea, didn’t think about this before. Still you could argue because of the sandboxed nature, those outdated libraries should’nt be much of a problem?
example, suppose there was a bug in openssl’s prime number generation code. It will generate insecure keys.
No amount of sandboxing can help with that. The bug is discovered and the next day I run ‘pacman -Syu’ (I use arch, btw) and the problem is gone systemwide, except for any flatpaks or appimages etc. Those will only get updates (and stop leaking my data) if and only if its maintainer actually gives a fuck, is still alive and active. If not, you’re sol
I am very certain the most appropriate person to update the software would be the developer itself. So when suddenly for flatpaks & co the responsibility of updating libraries is put on the flatpak package maintainer for ANYTHING used in that container… it doesn’t sound optimal.
Still your example is a very edge-case scenario, because it would create a static vulnerability.
Containers are a form of static linking. just because they are different files inside the image, doesn’t mean they’re not effectively statically linked, if they can only be upgraded together
If I update my shared libraries, that application uses its own ‘statically linked’ libraries and doesn’t pick up the changes. Exactly like what happens with a normal statically linked binary.
I avoid static linking like the plague.
ELI5?
sandboxing protects apps from each other. If there’s a bug in some library that somehow leaks some security keys or something, sandboxing doesn’t help.
“leaks security keys of the app itself”, it can’t leak anything outside of the container?
Flatpaks. On Mint, the GUI update tool updates both Flatpaks and natively installed packages. It’s fantastic.
I just returned to linux after a few years. Mint is so slick and out of the box ready. Gonna stay a bit longer I think.
Pacman > Flatpak > won’t use it
I prefer Flatpaks by a wide margin. This presentation by openSUSE’s Richard Brown is a great watch for those looking for a thorough comparison.
Same here. I don’t really like Appimages because (AFAIK, unless there’s some tool I don’t know about) you have to just check each one individually for updates which feels old fashioned, like Windows.
Snap is just a worse version of Flatpak as far as I can tell, so I don’t bother with it.
@CrabAndBroom @throwawayish I like flatpacks and their integration into some stores and the ease of update makes me not hate them. Unfortunately, this is where Linux is headed. Containerization and immutability.
Luckily, we will always have lots of distros to choose from.
Flatpak is my preference since it supports multiple remotes (repos) and sandboxing. With flatseal tweaking the sandbox is also easy.
Snaps work great on Ubuntu and support cli tools as well as system components. But their sandboxing doesn’t work on many distros and the one and only repo is controlled by one company. If I’m not on Ubuntu, I don’t see any reason to choose it over flatpak.
Appimages are great for putting on a USB stick or keeping a specific version of software. But I want to install software from a trusted repository, which Appimages support at best as an afterthought.
You know they flatpaks doesn’t verify the packages it downloads from your “trusted” repository, right?
None. I prefer native packages. AUR usually has me covered and hasn’t broken my system…ever, really. Yet, anyways. (Well, it might have broken my Manjaro install, but it is Manjaro, so i probably sneezed wrong)
…but, if I had to pick one? Flatpaks. Outta the three, they’ve given me the least trouble and just work right out the gate. Still prefer native packages tho
deleted by creator
Nix.
Flatpak for sure, appimages are okay in certain circumstances and snaps are trash.
Flatpak – It’s not without it’s own issues, of course, but it does the job. I’m not fan of how snaps are designed, and I don’t think canonical is trustworthy enough to run a packaging format. Appimages are really just not good for widespread adoption. They do what they are designed to do well, but I don’t think it’s wise to use them as a main package format.
As far as I know, Flatpaks have the best foundation currently, there are a number of issues, but they are fixable and not entirely by design. And with Fedora Silverblue/Kinoite and OpenSUSE MicroOS you can really see how native debs/rpms/whatever isn’t really that good of an idea for the average user and Flatpak is a solution to that.
Appimages at a glance seems like a perfect solution for apps that for some reason or another needs to be kept outdated. But there is (was?) an issue of it not really bundling everything it needs, it looks and behaves as it is portable, but as far as I’m aware, it really isn’t.
And then there’s Snap. Yeah, that one is just weird, it honestly just doesn’t feel like a proper solution to any of the problems it tries to fix.
For personal use, Flatpak when there’s no native option, in most cases. They always seem to work and with Flatseal, you can more finely control permissions and local filesystem access of them.
For servers, if it’s a single-purpose VM (like I do with my PiHole/AdGuard servers), I’ll also go native. Otherwise, Docker for compatibility and ease of management.
I’ve only used flatpak and I honestly see no reason to try anything else. The only issue I’ve encountered is that Steam games launched by the Steam flatpak occasionally act strange (sometimes they can’t locate graphics drivers or connect to online services).
Flatpak and Appimages. Flatpaks are the best solution IMO, just better than snaps in about every setting except servers. Appimages are great simply because of their easy portability, just being a single executable. I like having GUI apps in Flatpaks because it separates the updates for those applications from my package manager.
pacman or from source 😎 (i am superiour because i make it harder for myself)
