this post was submitted on 12 Jun 2024

target OS is debian or linux mint

[–] callcc@lemmy.world 10 points 5 months ago (8 children)

Flatpaks won't get their libs updated all at once by just updating a library. This can be very bad in cases like bugs in openssl. Instead of just updating one library and all other software benefiting from the fix, with flatpaks, you need to deal with updating everything manually and waiting for the vendor to actually create an update package.

I'm not 100% sure about this. Flatpak has some mechanisms that would allow managing dependencies in a common fashion.

[–] Spectacle8011@lemmy.comfysnug.space 7 points 5 months ago (6 children)

Most Flatpaks depend on the Freedesktop Platform runtime, or GNOME/KDE runtimes, which are derived from it. This contains several hundred common dependencies and libraries programs need, like gcc and python. When you update the runtime (change it from 22.08 to 23.08 in the manifest), all the dependencies are updated too. Many simple applications don't depend on many more dependencies than are available in the runtime. Some...have more complicated dependency trees.

But counterpoint: the developer will update the dependencies when they are known to work properly with the application. Upgrading GTK3 to GTK4 in the GIMP flatpak will just break the application. Same thing with Krita and the dozens of patches to libraries it depends on. If you upgrade the application in the name of security before it's compatible, all you end up with is a broken application. Which I guess is more secure, but that's not helpful to anyone.

[–] nyan@sh.itjust.works 2 points 5 months ago (2 children)

Which means that if you have a flatpak with an uncommon library and the dev stops issuing updated flatpaks because they get hit by a bus, you could be SOL with respect to that library. Distro libs are less likely to have this happen because very few distros have a bus factor of 1—there's usually someone who can take over.

> if you have a flatpak with an uncommon library

In this case, you're responsible for packaging it yourself. This usually means specifying the git URL and build options in the manifest. You can see Krita doing this in their manifest because they don't depend on the KDE Platform, as they need much older dependencies. So they're responsible for over 1000 lines worth of dependencies.

The Freedesktop Platform is essentially a distribution unto itself, and I don't think there's ever been a case of dependencies in that distribution not being kept up-to-date.

> Distro libs are less likely to have this happen because very few distros have a bus factor of 1—there’s usually someone who can take over.

Well...debatable. There were over 1200 orphaned packages in Debian last year, many of which had not been maintained in over 3 years.
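An added example, not part of any comment in this thread and not code from Flatpak or Krita: a small audit of a flatpak-builder manifest that separates what the runtime provides from the sources the app maintainer bundles and must update themselves, and shows how each bundled source is pinned. The manifest, app id and URLs are constructed, and a JSON manifest is assumed (manifests may also be YAML).

```python
import json

# Constructed sample manifest (hypothetical app and URLs); keys follow the
# flatpak-builder manifest format.
SAMPLE_MANIFEST = """
{"app-id": "org.example.Painter",
 "runtime": "org.freedesktop.Platform", "runtime-version": "22.08",
 "sdk": "org.freedesktop.Sdk",
 "modules": [
  {"name": "libfoo", "sources": [{"type": "git",
    "url": "https://example.org/libfoo.git", "tag": "v1.2.0",
    "commit": "0000000000000000000000000000000000000000"}]},
  {"name": "libbar", "sources": [{"type": "git",
    "url": "https://example.org/libbar.git", "branch": "main"}]},
  {"name": "painter", "sources": [{"type": "dir", "path": "."}],
   "modules": [{"name": "libbaz", "sources": [{"type": "archive",
     "url": "https://example.org/libbaz-0.9.tar.xz",
     "sha256": "CONSTRUCTED-PLACEHOLDER"}]}]}
 ]}
"""

def walk_modules(modules):
    """Yield every module dict, descending into nested "modules" lists."""
    for mod in modules:
        if isinstance(mod, str):  # path to a separate module file, not loaded here
            yield {"name": mod, "sources": []}
        else:
            yield mod
            yield from walk_modules(mod.get("modules", []))

def pin_of(src):
    """Classify how tightly a fetched source is pinned."""
    if src["type"] == "git":
        return "commit" if src.get("commit") else "tag" if src.get("tag") else "floating"
    return "checksum" if ("sha256" in src or "sha512" in src) else "unpinned"

def audit(manifest_text):
    """Return the runtime ref and every network-fetched source the app bundles."""
    m = json.loads(manifest_text)
    report = {"runtime": f'{m["runtime"]}//{m["runtime-version"]}', "bundled": []}
    for mod in walk_modules(m.get("modules", [])):
        for src in mod.get("sources", []):
            if isinstance(src, dict) and src.get("type") in ("git", "archive", "file") and "url" in src:
                report["bundled"].append((mod["name"], src["url"], pin_of(src)))
    return report

if __name__ == "__main__":
    result = audit(SAMPLE_MANIFEST)
    print("runtime:", result["runtime"])
    for name, url, pin in result["bundled"]:
        print(f"{name:8} {pin:9} {url}")
```

Everything listed under `bundled` is outside the runtime's update path, so a fix in one of those libraries reaches users only when the app's manifest is changed and rebuilt.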
