
Re: Flatpak or repository apps



On Fri, Jul 12, 2019 at 09:33:44AM +0300, Georgios wrote:
> Hi there!
> 
> Based on security and stability I was wondering what is more preferable?
> 
> Installing apps through flatpak or through debian repositories?

I trust Debian at packaging software, correcting obvious software
defects in the process, and supporting the unchanged behaviour of the
software during the lifecycle of the stable release while providing the
bugfixes.
For the typical software developer (especially those who write "apps",
not "programs"), maintaining a stable version of their software is a
burden, and "security" is an unfamiliar concept.


> Repositories:
> 
> -I was thinking that in repositories you have old software that gets
> bug fixes. But what about old software that isn't supported?

By the upstream, you mean? If it's a security problem it will get
fixed or the package is excluded from the archive.

> Are fixes backported etc?

Of course, if it's feasible.
If it's not - software version gets bumped (browsers, samba, wireshark
to name a few examples).

> How fast?

Faster if the maintainer gets help. From the users of the software, for
instance.

> -Doesn't offer easy sandboxing like flatpak

Which is only needed for untrusted software in the first place.
Crucial for the task flatpak was designed for (delivering desktop "apps"
taken from random places on the Internet), but is something one can easily
avoid by using trusted software in the first place (i.e. Debian main
archive).

> -AppArmor can restrict applications

Yup. And it's a useful compromise between security and usability.
The main problem of AppArmor is that it uses a targeted approach (every
policy is linked to an executable) instead of the more correct labeled
approach like the MLS SELinux policy does.

> Flatpak:
> 
> -sandboxing

See above.

> -Probably bug fixes are faster if the developer supports flatpak distribution

Along with behaviour changes, possible incompatibility with previous
versions, and of course - fresh new bugs.

> -No AppArmor.

True. But if it bothers you, consider using SELinux, which does offer
something in this regard. The problem is - you choose the wrong distribution
if you need SELinux (it's bare-bones basic in Debian).

> -are the latest applications stable enough?

LOL. Why do you think they invented version stabilization in the first
place? If you like to live on the bleeding edge you have to bleed sooner
or later.

Reco

