Linux - GeneralThis Linux forum is for general Linux questions and discussion.
If it is Linux Related and doesn't seem to fit in any other forum then this is the place.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
View Poll Results: Do you use Appimage, Flatpak, and/or Snaps?
None of the above, so far no need for any. I might try one to see how it runs, if I could find one that did something that was challenging or not possible with my existing setups.
The only one of these I've even heard of is snap. While the basic concept is intriguing, my main concern is with security.
If component A is found to have an exploit/vulnerability in it, a patch usually comes out before I even hear about it (and usually gets installed on my system within a day). But with snap, I might have several older versions of A installed and I have no idea when or if they will get fixed.
OTOH, I still have an old flip phone and I use bitpim to connect it to Linux. When I want to run it, I boot up kubuntu 12.04 where bitpim still works. That's a PITA and the only reason I haven't erased 12.04 yet. Having a snap for that would be great.
...the main one being Canonical's LivePatch service for Ubuntu. It does seem to "just work," but I prefer to use .deb files where I can see exactly what's going on during an install or upgrade.
The only one of these I've even heard of is snap. While the basic concept is intriguing, my main concern is with security.
If component A is found to have an exploit/vulnerability in it, a patch usually comes out before I even hear about it (and usually gets installed on my system within a day). But with snap, I might have several older versions of A installed and I have no idea when or if they will get fixed.
OTOH, I still have an old flip phone and I use bitpim to connect it to Linux. When I want to run it, I boot up kubuntu 12.04 where bitpim still works. That's a PITA and the only reason I haven't erased 12.04 yet. Having a snap for that would be great.
As detailed in my (rather long) comment earlier, yes there is a security concern here, but the fact that snaps are confined by AppArmour should help relieve those fears somewhat (maybe not entirely). Snaps are rather well contained. People making snaps for their applications are increasingly able to depend on a platform snap (e.g. gnome-3-26-1604, though that's a work-in-progress) which should have updated dependencies in it (and this is better than the status quo with packaging because if the app doesn't work with those dependencies then one can quickly change the snap to not rely on that platform snap but bundle its own dependencies). When snaps bundle their own dependencies, which ensures that the application won't be forced to run on dependency versions that the app developers don't expect, then yes it may be using outdated dependencies if the app developers haven't got their software working with newer dependencies yet. Usually, though, snaps are built using Ubuntu 16.04 Debs as dependencies (this is what's used by the snappy build service), but app developers can choose to build against specific releases of dependencies manually. Maybe you're worried that things are taken out of the hands of distro maintainers, but in my view that's one of the biggest weaknesses with the Linux desktop at the moment. So much hinges on the distro maintainers (and there's so many distros) and the shared dependencies provided by the distro that it's very difficult to get a stable (in the noob sense) and up-to-date applications. Snappy resolves this by putting dependency management in the hands of the app developers/snapcrafters. If you see a `snapcraft.yaml` using an outdated dependency then you should challenge upstream (or whoever made the `snapcraft.yaml`, but ultimately we're trying to remove that middleman) to fix that themselves or submit a PR to fix it yourself, but it's good that app developers can get closer to guaranteeing quality on all distros themselves - no distro maintainer middleman.
One of the great things about Linux is the packaging system and the "one-stop shopping" concept: getting everything, including security and bug fixes, from a repository. To me, those stand-alone packages are just for ex-Windows users who don't understand Linux.
Distribution: Slackware/Salix while testing others
Posts: 1,718
Rep:
Quote:
Originally Posted by DavidMcCann
One of the great things about Linux is the packaging system and the "one-stop shopping" concept: getting everything, including security and bug fixes, from a repository. To me, those stand-alone packages are just for ex-Windows users who don't understand Linux.
You nailed it! There is a decent video from the openSUSE chairman (an interview with Bryan Lunduke) where he discusses the security problems with flatpack etc... https://www.youtube.com/watch?v=ipgskaR70Ys
This trend of trying to make Linux more palatable to Windows and Mac users is going to seriously harm Linux for years to come. Glad my distro of choice tends to buck (could start with f as well) those trends.
I tried to install something I could not find anywhere else as a .deb, but came as an appimage, however, it would not work! They'd only packaged it as 64-bit! I checked and MANY appimage packages come ONLY as 64-bit even if there is a 32-bit .deb available for them, and of course the 64-bit won't work on a 32-bit system. (The reverse may work, though.) So much for their being "universal." How about those of us who have older systems, or who choose to run 32-bit as 64-bit is really no benefit to us on systems with lower than 4GB (MUCH more than I need) memory installed? How about the MANY people who are running systems that ran XP, where the 64-bit wasn't very popular, and the hardware was mostly 32-bit?
After some searching, I gave up. There was no 32-bit of that particular software. I installed something else, instead, which did the same job, had fewer bugs according to several sites, and came as 32-bit in a deb package (something not in any repository I could find.) I've built from source as well when necessary. No need I can see for these all-in-one packages, which tend to be HUGE if there are very many dependencies the application relies on, when I often have all the dependencies right on my system, or an older version of a library that works with the prior version of whatever I need to run. I don't need the bleeding edge, nor the latest libraries that tend to break systems, and run all my other software that depends on them from the same version.
Last edited by fixitmanarizona; 09-18-2017 at 12:04 AM.
Reason: additional info
This trend of trying to make Linux more palatable to Windows and Mac users is going to seriously harm Linux for years to come. Glad my distro of choice tends to buck (could start with f as well) those trends.
My sentiments also. If you are going to transition to Linux/Unix, do the diligence of LEARNING what you will be using. Objectively: Do not expect Linux to change to accommodate your laziness. If you really are *that* lazy, stay with windoze.
IMHO, Canonical has done a disservice to Linux by basically pablum-izing for windoze refugees who really don't want to adjust to a different paradigm--and it does show in the boards and the usenet.
I truly believe that these approaches have great promise, in particular, to allow less balkanization between distros when in some ways that has been the nemesis of success of Linux generally.
Depends on your idea of success I guess.
I've found no need for any of these yet, as I've been able to do what I want without them. And as far as software packages that are "approved" by your distro, so many times I've found the package listed in my distro's repository to be way out of date, so the only option for me was to install the latest version somewhere else, with no ill effect. I will not depend on my distro's maintainers, whomever they may be, to decide what software I can put on my computer, and I take full responsibility for what I install on it. I wouldn't have it any other way, and don't exactly understand the mindset of someone who refuses to install something just because it's not approved by their distro. Is it fear? Laziness? Lack of confidence? Refusal of resposibility, for whatever reason? I don't know. I started using Linux years ago so I could "do things my own way" and I wouldn't give up this freedom for anything. No way would I switch to any of the other operating systems that I know of, and I'll continue to install and use any software I want, distro-approved or not.
Distribution: Xubuntu 17.10, Android 5.0.2, Android 7.1.1, Trisquel 7.0 Mini
Posts: 86
Rep:
Quote:
Originally Posted by jeremy
Curious about this response: Is your assertion that you don't trust software authors or that you're under the impression that most distros audit software before inclusion? Or something else entirely?
--jeremy
If they don't then I have been seriously misled. At least the major distros (I use the *buntus, and I'd hope somebody at Canonical or in the *buntuverse is watching these things, else why are so many software versions in the repos a year or more behind the latest release?)
My sentiments also. If you are going to transition to Linux/Unix, do the diligence of LEARNING what you will be using. Objectively: Do not expect Linux to change to accommodate your laziness. If you really are *that* lazy, stay with windoze.
IMHO, Canonical has done a disservice to Linux by basically pablum-izing for windoze refugees who really don't want to adjust to a different paradigm--and it does show in the boards and the usenet.
No, I think the typical COMPUTER user now, which means any computer, Android, Windows, Mac, whatever, DO NOT need nor want to know programming, nor do they need nor want to have to enter "commands" in a little box. This isn't the 1980s or even the 1990s. When I see Microsoft or Apple reverting to having all the users compile programs from some little plain text box, then I might change my mind. When I see Android users madly entering plain text on their tablets in a little black box just to check the price of oats in China, I'll change my mind. I really don't see why Linux has to be any different. For those who think Linux should only be for coders and programmers, well, stick to that, and just consider the Linux world has moved on from that.
There is a big difference between Linux Elitists, and those who just want to use their computer, and Canonical has pretty much helped with the latter. Also, one of the reasons there ARE so many boards for users trying to figure out how to use Linux is that you have newbies, whom you should encourage, trying to get something to work. They don't need to spend years trying to learn something that no one except the programmers need to know. Think about the "UBUNTU" philosophy there for a minute, if you don't understand that. There's no room for elitism in it. The idea is an EASY TO USE operating system for EVERYBODY.
If you want to tag "your" distro as user-unfriendly and only for Linux Elitists that know code... fine. In my opinion that's not what computers are for. Turn the damn thing on, and do what you need to do, and move on. If you need some special little program someone else already came up with, bam, install it, and use it. None of this "oh that doesn't work on your system because blah blah blah, what you do is enter a bunch of text in some little black box, then..."
Therefore I see the need for something like the appimage, Etc. but these are still in their infancy and the details are NOT worked out, so if and when it's perfected I might change my thinking on using them. When I can easily install something like that one any system (built for a typical user) and just have it WORK, they'll be mature. So far I haven't found that to be the case.
Last edited by fixitmanarizona; 09-18-2017 at 12:38 AM.
as you yourself seem to be saying, the average user doesn't want or need to know what's going on under the hood - but imho appimage/flatpack/snaps aren't the only way to achieve that.
a well-structured GUI package managing system is surely "user-friendly" in every way.
my experience with people changing from windows to a modern gui linux is that they expect software installation to work like on windows: get it on the wild web, double-click it. it will work.
but by changing only this one usage habit, you get a much tighter, well-organized, and ultimately lightweight linux system.
a well-structured GUI package managing system is surely "user-friendly" in every way.
with these appimage/flatpack/snaps, it has finally become possible to bog down linux computers, too.
i see them as emergency solutions, not an everyday way to do things.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.