If there's one thing you can always count on in the Linux world it's that packaging can be a nightmare. The OBS Studio team are not happy with the Fedora folks due to Flatpak problems and threatened legal action.
What is the lesson we can learn here as stated by the author of the post?
There is no info on why packaging failed. I can’t draw any obvious lesson from this post.
The lesson is that Fedora Flatpak Repo needs to fuck off. It’s an anti-pattern to have an obscure flatpak repo with software that is packaged differently from everything else.
The entire point of flatpaks was to have a universal packaging format that upstream devs could make themselves, and Fedora is completely undermining it.
And Fedora Flatpaks are universal, they work on any distros.
Flatpak by design allows you to install Flatpaks from multiple stores. The fact that snap only allows one store is a common criticism of snap.
Fedora Flatpaks were created because Fedora has strict guidelines for packages. They must be FOSS, they must not include patented software, and they need to be secure.
Flathub allows proprietary and patented software, so not all Flathub packages could be preinstalled. And if a Flathub package was preinstalled, it could add proprietary or patented bits without Fedora having a say.
Flathub packages are also allowed to use EOL runtimes and include vendored dependencies that have security issues. Fedora does not want this. Fedora Flatpaks are built entirely from Fedora RPMs so they get security updates from Fedora repos.
They work on other distros… if they work at all. If those “strict guidelines” are resulting in flatpaks like OBS and Bottles, which are broken and the devs have tried to get them to stop shipping, then I’ll pass on Fedora flatpaks.
I don’t criticize Flatpaks for allowing alternative packaging sources. I criticize Fedora for sneakily (whether intentionally sneaky or not) setting their broken flatpak repo as the default, leading to a bunch of confusion by Fedora users that don’t know they’re actually using different, sometimes broken, packages from everyone else.
The uBlue downstreams of Fedora know this, and they have the decency to present the user with that information upon installation. So thankfully, their users don’t end up wasting their time with problems that Fedora introduced.
That’s fine.
It’s not sneakily. Fedora Flatpaks do not have verified badges and in Gnome Software, they show “[Flatpak Icon] Fedora Linux” right under the install button.
Is this system perfect? No. For example, it still shows “Mozilla Corporation”, but note that this issue also affects Flathub. That line is about the app creator, not publisher.
Most people get their packages from their distro’s repos. Arch, Linux Mint, Pop!_OS all default to distro repos. The latter two include Flathub, but still prefer debs by default. So most people are using unofficial packages by default that are different from what everyone else is using.
As for users feeling “tricked”? That’s a difficult thing to say. I would like to say that users should at least know something about the distro they are choosing (i.e. Ubuntu users should know about snap; Fedora/Debian users should know about their stances on FOSS, security, and patents; Arch users should know it’s a DIY distro). But I was once a new user and I remember using Ubuntu for months before learning that their packages aren’t official and about how their repo freezes work.
The situation could certainly be improved. Fedora could show a slide in Gnome’s Tour screen informing them about Fedora defaulting to their own packages not supported by upstream and their stances on FOSS.
I don’t disagree with most of that, but none of what you said actually addresses the problem. The problem is that there are functionally two (notable) flatpak repositories, but one of those is going against the will of the upstream software devs and shipping broken software that they have asked them to stop packaging. And Fedora users are getting the broken flathub repository as the default, without really having reason to suspect that their “flathub store” would ever trick them into installing from a different source. The “verified” badge, especially the lack thereof, does not address that.
You can RTFM someone all day, but if you actually want Linux to be adopted by more people, you need to reduce the anti-patterns. Snaps are generally known about because they are infamous for also breaking packages. And they’re still major footguns when people are recommending Ubuntu to people that are new to Linux, who are the least likely to know that their apt package installations are going to be installing differently-packaged software that has its own set of problems. If we get to a point where Flatpaks have a similar problem to Snaps, we’ve taken a wrong turn, and it will only hurt Linux adoption.
Honestly, that sounds great.
My biggest problem with Flatpak is that Flathub has all sorts of weird crap, and depending on your UI it’s not always easy to tell what’s official and what’s just from some rando. I don’t want a repo full of “unverified” packages to be a first-class citizen in my distro.
Distros can and should curate packages. That’s half the point of a distro.
And yes, the idea of packaging dependencies in their own isolated container per-app comes with real downsides: I can’t simply patch a library once at the system level.
I’m running a Fedora derivative and I wasn’t even aware of this option. I’m going to look into it now because it sounds better than Flathub.
Why don’t you like fedora flatpaks?
Among other reasons, Fedora ensures that apps get a flatpak. Imagine there was no official flatpak, Fedora would’ve made one. Just like Fedora ensures that there are native ways to install it via dnf. On atomic distros, you want to use flatpaks very often. Hence it makes sense to package apps via flatpak.
Fedora ensures that there is no additional code in the app, kind of like F-Droid on phones.
Anyone can make flatpaks, not just the main dev.
I answered most of this in the other thread, but I am aware that anyone can make flatpaks. What I meant is that flatpaks were supposed to make it easier for devs to get their software to end users by allowing them to not have to worry about distro-specific packaging requirements or formats.
But when someone else takes it upon themselves to make broken flatpaks, ones that you’ve requested they stop doing, now they’re making things worse for everyone involved and should be considered a hostile fork and treated as such.
It reads as if Fedora wanted to create a broken package. As if it was on purpose to annoy everyone. Do you think that was their intention?
The OBS and Bottles packages have been broken for a long time. Long enough that both upstream projects asked them to stop many months ago. They don’t get to pretend it was a mistake. This isn’t just another case of a minor packaging bug getting to users. They are packaging the software incorrectly.
Not OP, but for me the issue is if you want to override the default and make it opt-out, especially since the opt-out process isn’t that well documented, then you should realize that support is a necessary part of that process and fix problems as they arise rather than resorting to name calling and hostile behavior when something you published is broken. It’s a responsibility of taking on that kind of project. Either that or make it explicitly opt-in and give users a warning like with beta version opt-in notifications that the packages are not official and issues may not be fixed as quickly as the official releases.