Appimages, snaps and flatpaks, which one do you prefer and why?

  • MrBubbles96@lemmy.ml
    link
    fedilink
    English
    arrow-up
    35
    arrow-down
    3
    ·
    1 year ago

    None. I prefer native packages. AUR usually has me covered and hasn’t broken my system…ever, really. Yet, anyways. (Well, it might have broken my Manjaro install, but it is Manjaro, so i probably sneezed wrong)

    …but, if I had to pick one? Flatpaks. Outta the three, they’ve given me the least trouble and just work right out the gate. Still prefer native packages tho

  • ChristianWS
    link
    fedilink
    arrow-up
    30
    ·
    1 year ago

    As far as I know, Flatpaks have the best foundation currently, there are a number of issues, but they are fixable and not entirely by design. And with Fedora Silverblue/Kinoite and OpenSUSE MicroOS you can really see how native debs/rpms/whatever isn’t really that good of an idea for the average user and Flatpak is a solution to that.

    Appimages at a glance seems like a perfect solution for apps that for some reason or another needs to be kept outdated. But there is (was?) an issue of it not really bundling everything it needs, it looks and behaves as it is portable, but as far as I’m aware, it really isn’t.

    And then there’s Snap. Yeah, that one is just weird, it honestly just doesn’t feel like a proper solution to any of the problems it tries to fix.

  • Kalcifer@lemmy.world
    link
    fedilink
    arrow-up
    26
    ·
    1 year ago

    Flatpak – It’s not without it’s own issues, of course, but it does the job. I’m not fan of how snaps are designed, and I don’t think canonical is trustworthy enough to run a packaging format. Appimages are really just not good for widespread adoption. They do what they are designed to do well, but I don’t think it’s wide to use them as a main package format.

  • Chewy@discuss.tchncs.de
    link
    fedilink
    arrow-up
    25
    ·
    1 year ago

    Flatpak is my preference since it supports multiple remotes (repos) and sandboxing. With flatseal tweaking the sandbox is also easy.

    Snaps work great on Ubuntu and support cli tools as well as system components. But their sandboxing doesn’t work on many distros and the one and only repo is controlled by one company. If I’m not on Ubuntu, I don’t see any reason to choose it over flatpak.

    Appimages are great for putting on a USB stick or keeping a specific version of software. But I want to install software from a trusted repository, which Appimages support at best as an afterthought.

    • itchy_lizard@feddit.it
      link
      fedilink
      arrow-up
      1
      arrow-down
      2
      ·
      1 year ago

      You know they flatpaks doesn’t verify the packages it downloads from your “trusted” repository, right?

    • Kcg@lemmy.ml
      link
      fedilink
      arrow-up
      1
      ·
      1 year ago

      I just returned to linux after a few years. Mint is so slick and out of the box ready. Gonna stay a bit longer I think.

  • neurodivergentAF@reddthat.com
    link
    fedilink
    arrow-up
    20
    arrow-down
    1
    ·
    1 year ago

    Snaps is too well controlled by Canonical and does have it’s limits.

    Flatpaks can be very secure, and works in most distros. It is one of my favorites.

    AppImages are real easy, and is designed to work on most distros. The only problem is that many apps aren’t current. So I don’t recommend it unless an app provides it on their own sites. AppImages are often made by somebody else.

  • Rozaŭtuno@lemmy.blahaj.zone
    link
    fedilink
    arrow-up
    21
    arrow-down
    2
    ·
    1 year ago

    I prefer flatpacks. There’s nothing wrong per se about snaps, it’s just that they are kinda slow, and Canonical is untrustworthy.

    Appimages are to be avoided, imo. They are no better than downloading random crap like on Windows.

  • amanneedsamaid@sopuli.xyz
    link
    fedilink
    English
    arrow-up
    16
    ·
    1 year ago

    Flatpak and Appimages. Flatpaks are the best solution IMO, just better than snaps in about every setting except servers. Appimages are great simply because of their easy portability, just being a single executable. I like having GUI apps in Flatpaks because it separates the updates for those applications from my package manager.

    • Sohrab Behdani@lemmy.worldOP
      link
      fedilink
      English
      arrow-up
      8
      arrow-down
      3
      ·
      1 year ago

      but what about the apps that are not in the official repository?

      for example tuba the mastodon client

      • phoenix591@lemmy.phoenix591.com
        link
        fedilink
        English
        arrow-up
        5
        arrow-down
        1
        ·
        edit-2
        1 year ago

        package myself; I chose Gentoo (and previously Arch) in part because its reasonably easy to package things there.

        Most build systems are covered by eclasses ( libraries) that handle the repetitive minutia every package that build system needs.

        Here’s the tuba ebuild for example (from GURU, the Gentoo equivalent of the AUR), 90% of it is just listing the dependencies and telling it to use a few eclasses to handle everything else.

        Oh, and here’s the lemmy back end ebuild, the giant wall of crates is automatically generated/updated from a tool that reads the cargo files. (needed because Gentoo doesn’t allow internet access during the build for normal packages so crates are downloaded ahead of time)

          • abrasiveteapot@sh.itjust.works
            link
            fedilink
            English
            arrow-up
            2
            arrow-down
            2
            ·
            1 year ago

            aur is limited to arch based distros only

            And rpms are for redhat tree, so ?

            OP said

            None of the above. Native debs/rpms/whatever for desktops, docker images for servers.

            Your example package is readily available in my distro in native was my point. If your distro doesn’t have it then maybe you need to change distros.

            • Archimede@fediverse.boo
              link
              fedilink
              English
              arrow-up
              6
              arrow-down
              2
              ·
              1 year ago

              Arch users being like “I have it in my AUR. What more could other people ask for ?”

              You should realise it’s a possibility not to want to change a system just to use (possibly broken) AUR

              • abrasiveteapot@sh.itjust.works
                link
                fedilink
                English
                arrow-up
                4
                ·
                edit-2
                1 year ago

                Which, again, misses the point. Original OP said “install native” replying OP said “but what about (package)” (obviously intending that to be a gotcha) and I replied with “well it’s in mine”

                I have no idea what debs& rpms are available, nor do i care.

                And what is this “possibly broken aur” rubbish ? It’s a repository, and it most certainly isn’t broken.

                Individual packages may be broken but they can be broken in any repository. Are you saying there’s never been a broken package in a debian repository ? Lol.

                Edit to correct “you” to “OP” as you aren’t the original person doing the “whataboutism”

            • constantokra@lemmy.ml
              link
              fedilink
              arrow-up
              2
              arrow-down
              1
              ·
              1 year ago

              Do you check packages you install from the aur? I ask, because it seems like people don’t. I did, and it was a pain in the ass, and that’s why I stopped using arch and arch based distros.

          • abrasiveteapot@sh.itjust.works
            link
            fedilink
            English
            arrow-up
            4
            ·
            edit-2
            1 year ago

            Nope, nothing broke but

            Aborting… error: failed to build ‘tuba-0.4.0-0.1’:

            and I can’t be arsed troubleshooting why for a package I have no intention of using. LOL

            • MrBubbles96@lemmy.ml
              link
              fedilink
              English
              arrow-up
              6
              ·
              1 year ago

              Basically this. Not saying the “AUR breaking your system” thing isn’t, well, a thing but I get “error aborting installation” warnings waaaaay more often than my system just outright dying because of an AUR package (which is to say, it’s never actually happened to me).

              And usually, when I see that warning, I go “kay, not even gonna bother” because if I ignore it and try to brute force the install…yeah, that potential breakage is on me, not the AUR

              • abrasiveteapot@sh.itjust.works
                link
                fedilink
                English
                arrow-up
                2
                ·
                1 year ago

                Ditto. I’ve literally never had an aur package break my system either, but like you if it doesnt want to play first go, I’ll almost always find an alternative.

        • itchy_lizard@feddit.it
          link
          fedilink
          English
          arrow-up
          1
          ·
          1 year ago

          Docker Content Trust. Its the (off by default and pretty broken) way that docker would verify what it downloads wasn’t maliciously modified

  • Lettuce eat lettuce@lemmy.ml
    link
    fedilink
    arrow-up
    12
    ·
    1 year ago

    Flatpaks are quickly becoming my favorite. I’ve rarely had issues with App Images, but they are clunky and messy. Flatpaks are where it’s at IMO.

    Snaps are pewpy.

      • Lettuce eat lettuce@lemmy.ml
        link
        fedilink
        arrow-up
        4
        ·
        1 year ago

        You have to use a separate application to manage them, otherwise they act as portable .exe files in windows, just laying around in a folder you have to manually link to or navigate to to run. You have to set them as executable manually otherwise you can’t run them in certain distros, or they force you to click through the prompt. They aren’t listed in the general packages installed on your system.

        They are often bulky in size, and depending on the distro and software, sometimes they don’t work properly. And again, without independent management software, they have to be manually updated independently.

        They aren’t bad, they just arent as good as other options IMO. I like App Images for random small programs, or some games too, they aren’t a problem. But for large programs I want to use frequently, they are just less convenient.

  • chickenwing@lemmy.world
    link
    fedilink
    arrow-up
    12
    ·
    1 year ago

    Flatpacks give me the least trouble so I guess those. All though appimages seem alright too. Snaps however seem to never want to install. I like the idea of easy one click installs for every distro but I think we are a few years away from that.

  • thelastknowngod@lemm.ee
    link
    fedilink
    arrow-up
    13
    arrow-down
    1
    ·
    1 year ago

    Real talk? I genuinely don’t care. I have actual work that needs to get done. I’m going to use whatever I can to make that faster/easier. Of all the decisions I need to make in a day, this is a pretty inconsequential one.

  • vrighter@discuss.tchncs.de
    link
    fedilink
    arrow-up
    11
    ·
    1 year ago

    none of them. I don’t like the idea of putting security updates in the hands of the developers of each individual application I use.

    Oh your app only works with an old broken insecure version of the library? Fuck you then, you can’t just decide to install and use the insecure version.

    • dino@discuss.tchncs.de
      link
      fedilink
      English
      arrow-up
      4
      ·
      1 year ago

      Interesting idea, didn’t think about this before. Still you could argue because of the sandboxed nature, those outdated libraries should’nt be much of a problem?

      • vrighter@discuss.tchncs.de
        link
        fedilink
        arrow-up
        2
        ·
        1 year ago

        example, suppose there was a bug in openssl’s prime number generation code. It will generate insecure keys.

        No amount of sandboxing can help with that. The bug is discovered and the next day I run ‘pacman -Syu’ (I use arch, btw) and the problem is gone systemwide, except for any flatpaks or appimages etc. Those will only get updates (and stop leaking my data) if and only if its maintainer actually gives a fuck, is still alive and active. If not, you’re sol

        • dino@discuss.tchncs.de
          link
          fedilink
          English
          arrow-up
          2
          arrow-down
          1
          ·
          1 year ago

          I am very certain the most appropriate person to update the software would be the developer itself. So when suddenly for flatpaks & co the responsibility of updating libraries is put on the flatpak package maintainer for ANYTHING used in that container… it doesn’t sound optimal.

          Still your example is a very edge-case scenario, because it would create a static vulnerability.

          • vrighter@discuss.tchncs.de
            link
            fedilink
            arrow-up
            2
            ·
            1 year ago

            Containers are a form of static linking. just because they are different files inside the image, doesn’t mean they’re not effectively statically linked, if they can only be upgraded together

            If I update my shared libraries, that application uses its own ‘statically linked’ libraries and doesn’t pick up the changes. Exactly like what happens with a normal statically linked binary.

            I avoid static linking like the plague.

      • vrighter@discuss.tchncs.de
        link
        fedilink
        arrow-up
        1
        ·
        1 year ago

        sandboxing protects apps from each other. If there’s a bug in some library that somehow leaks some security keys or something, sandboxing doesn’t help.

        • dino@discuss.tchncs.de
          link
          fedilink
          English
          arrow-up
          1
          ·
          1 year ago

          “leaks security keys of the app itself”, it can’t leak anything outside of the container?

  • Rega@lemmy.ml
    link
    fedilink
    arrow-up
    11
    ·
    1 year ago

    Flatpak is the best one imo. Never used appimages, and snap is pure trash (close source, slow, made by canonical). Overall, native packages are imo the way to go, but flatpak is also fairly good.

    • KotoWhiskas@kbin.social
      link
      fedilink
      arrow-up
      3
      arrow-down
      1
      ·
      edit-2
      1 year ago

      Snap isn’t really closed source, it’s common misconception, the closed source is only backend (canonical servers), the snap core itself, which is installed on Ubuntu, is fully open source

      Edit: snap definitely sucks tho