I’m not surprised that the OBS devs are considering suing Fedora for their Fedora Flatpaks.
For anyone out of the loop:
Fedora’s been packaging and providing apps as Fedora Flatpaks which cause users trouble cause they’re honestly pretty shit and known to be unreliable. The issue is that users assume that these faulty packages are provided by the Original Devs and complain towards the ODevs.As endless waves of users complain towards the ODevs it causes them unnecessary headache as well as costing valuable time and resources to tell users that it’s actually Fedora fucking things for everyone.
All of this is unnecessary because if Fedora stopped installing Fedora Flatpaks as the default then there wouldn’t be this problem in the first place.
Wait, why is Fedora making their own flatpaks? I thought the entire point is that they work on any distro and everybody gets the original source from flathub.
I asked this exact thing somewhere else, and the best answers I got were:
- there is a somewhat legitimate motivation for fedora to package their own flatpaks in the context of their atomic desktops project.
- they started doing this before flathub was established, and it was a better idea at that time.
So, as per usual with Linux, there are some obscure and historical reasons this is a thing, but it is useless for the majority of users. Fedora should really not have it configured as the default source for flatpaks out of the box
IMO, same reason they have their own repo, which eventually feeds into Red Hat enterprise, to have a trustworthy, curated set of safe (ish) software that’s had eyeballs on it. A worthy enough goal, but that said, it applies a lot less to flatpaks. I personally used to remove theirs because I didn’t like having multiple sources, now I’m on Bazzite which ships with flathub.
This is pretty much how Ubuntu turned into the shitshow it is now.
I don’t see much of a reason to create a customized flatpak, since at this point you might as well just create a binary for dnf.
Wait, why is Fedora making their own flatpaks? I thought the entire point is that they work on any distro and everybody gets the original source from flathub.
Just to add to the other replies you’ve got, as far as I’m aware there’s no reason why you can’t add Fedora’s flatpak repo on another distro. Why you would want to is another matter, but I think the fact that anyone can make their own repo is the fundamental strength of flatpak as opposed to snaps; it’s not tied to one organisation, Flathub is the de facto central repo but it doesn’t always have to be.
Thank you for the context. I’ve been kind of out of the loop with Linux on general and have been using fedora… But now a question. What’s the most stable form of package and which distros use it by default? I’ve been kind of confused my the whole all image, flatpack, etc thing.
Personally I’d recommend installing in this order:
- Packages from your distro’s native repository.
- Flatpaks from Flathub (please avoid Fedora’s Flatpaks).
- AppImages/Debs usually provided on the app developer’s site.
- The Arch User Repository (AUR) if compatible.
- Tarballs.
- Ubuntu Snaps.
- Fedora Flatpaks.
There isn’t one. It’s still a shit show.
The most reliable way to distribute software on Linux is still to make a statically linked binary (linking with a very old glibc is fine) and use
curl | bash. But that isn’t always possible depending on the language used and the app.Seems like OBS Studio is C++/Qt, so it shouldn’t be too difficult though. I’ve done it before in the distant past. But looking at their releases they only provide
.debfor Linux, so I can understand why people would want something else.I’ve made several Qt apps (in C++) easily packaged using AppImage. Perhaps OBS is harder because they require some level of integration with the hardware (e.g. the virtual camera perhaps requires something WRT drivers, I don’t know), but in the general case of a Qt app doing “normal GUI stuff” and “normal user stuff” is a piece of cake. To overcome the glibc problem, it’s true that it’s recommended using an old distro, but it’s not a must. Depends on what you want to support.
As a user, I prefer a native package, though (deb in my case).
cause they’re honestly pretty shit and known to be unreliable.
Can you elaborate here? I’ve had very few issues with Flatpaks and the documentation is pretty thorough. I’m curious what wider issues it has to make the whole ecosystem “pretty shit” and unreliable.
They have individual people maintaining over a thousand flatpacks. There’s no time to test anything.
Additionally, if you go to install the real flatpack, Fedora pushes you to use their poorly-maintained unofficial one instead.
They have individual people maintaining over a thousand flatpacks.
I don’t believe this to be the case with Flathub, only the Fedora repo. I’m asking about the wider flatpak ecosystem, not the fedora-specific repo or how it’s setup.
Additionally, if you go to install the real flatpack, Fedora pushes you to use their poorly-maintained unofficial one instead.
I’d agree that seems like a needless hoop at the very least, but my concern is more to do with the growing trend to shit on Flatpaks as an ecosystem, not just this particular instance of Fedora head-assery.
I think it’s decent software and has really solid use-cases, far from unreliable shit at least in my own anecdotal experience. But my experience is limited, which was why I asked the OP to elaborate on actual flaws they see with the Flatpak ecosystem.
The Fedora flatpacks are pretty shit, not the overall concept.
Wow, Fedora is being a little bitch about it, aren’t they?
Funny, I always thought it would be Canonical getting into this kind of trouble with snaps. Oh well…
oh snap
Fair enough. If you’re going to repackage something, at least do it right.
Lmao, to think that not even the snap got sued but the fedora flatpal did…lol
I installed fedora to replace windows on the 31/12/2023. I wasn’t a complete Linux noob by any measure but haven’t run it as a main OS before. Thank you proton for getting me over the edge.
The whole repo situation on fedora is honestly pretty meh, things are out of date or broken too often. Or they just don’t exist. I have put arch on a number of machines since and find it significantly better. My main box will move away from fedora next time I’m enthused to mess with it and this is the primary reason.
Yikes… One would expect stability and reliability from main distros, it’s funny to me that Linux Mint is the thing you recommend your family to try because Fedora and Ubuntu, formerly popular distros, went to shit.
Fedora was always a bleeding-edge distro and never all that stable or reliable.
The problem is RedHat/IBM have been fucking with everything, and Fedora has suffered along with everything else and it’s just kinda decayed a bit over the past few years.
…Ubuntu went to shit at least a decade ago, if not longer.
Debian debian, something debian.
Don’t use flatpak. Its extremely insecure.
Source?
It doesn’t have package signing. The source is their documentation.
flatpak build-sign, is what I can find in the documentation.
Yeah, thats optional. Unlike actual secure package managers like apt, where signing has been required since 2005.
What you need to look at is the docs for installing, and note it doesn’t say anything about requiring valid signatures after downloading a payload.
Flatpak doesn’t care about security. avoid them.
This seems to be blatant misinformation.
The default seems to require a gpg signature. It can be disabled for a remote with--no-gpg-verify, but the default for installing and building definitely requires a signature.
You keep talking about the docs, so please show me where is says that in the Flatpak Documentation.You’re the one spreading misinformation.
The burden of proof is on you. I linked you to the docs showing how package signatures have been required in apt since 2005. Most package managers do not have signature verification.
Point me to where the docs say signatures are required to be verified after download.
The burden of proof is on you.
You accused flatpak of being insecure. The burden to prove that is totally on you.
You have not provided a single link.
I’m am no expert on flatpak and just did some basic searching.
From reading the command reference it seems GPG-Verification is enabled for each remote and can’t be disabled/enabled for each install. I can just find some issues where gpg verification failsError: GPG verification enabled, but no signatures found (use gpg-verify=false in remote config to disable) error: Failed to install bundle fr.handbrake.ghb: GPG verification enabled, but no signatures found (use gpg-verify=false in remote config to disable)Documentation seems to be more user oriented and not developer oriented maybe someone more knowledgeble can go in the source code and tell us how it actually works.
