• Zaphodquixote
    link
    fedilink
    English
    arrow-up
    4
    ·
    1 year ago

    Eh, I don’t at flatpak or snap unless I have no other choice, but i get why it would be annoying to have the delay.

    That being said, I wouldn’t be concerned until almost a month. It’s a big update that’s going to need more debugging than usual. Makes sense to hold back for a bit.

    • linuxisfun@lemmy.world
      link
      fedilink
      English
      arrow-up
      4
      arrow-down
      2
      ·
      edit-2
      1 year ago

      Eh, I don’t at flatpak or snap unless I have no other choice

      I thought the same until I discovered that Flatpak gives me the power to restrict apps in their permissions, similar to firejail, but less cumbersome. Since then I actually prefer Flatpak over traditional packages (I even switched to Fedora Silverblue), as I have a global override that, for example, revokes permission to access the root of my home directory or to use the X11 display server.

      This allows me to keep a clean home directory, as applications are prevented from writing into my home directory (configuration files then automatically get stored in the Flatpak directory ~/.var instead) or, even worse, into executable files, such as ~/.bashrc. I can also be confident that applications use Wayland, if they support it, and not a less secure display server (X11). Applications that don’t support Wayland yet can either be made to run under Wayland (Chromium / Electron) or I have to grant those applications permission to actually use an X11 server (Bottles / WINE, Steam).

      On the other hand you can also opt into punching as many holes as possible into the sandbox, for example by granting applications the permission to access a local shell. That might be necessary for development tools, such as VSCodium. The thing I like about Flatpak is that it offers this kind of flexibility and you can decide on a per-application basis which system resources the application can or can not access.

      Sure, the permission model isn’t perfect (e. g. D-Bus access), but for my use-case it is a huge improvement and it gives me more flexibility with selecting my distribution, as I can get the very same up-to-date applications anywhere via Flatpak.

    • linuxisfun@lemmy.world
      link
      fedilink
      English
      arrow-up
      0
      arrow-down
      2
      ·
      edit-2
      1 year ago

      Eh, I don’t at flatpak or snap unless I have no other choice

      I thought the same until I discovered that Flatpak gives me the power to restrict apps in their permissions, similar to flatseal, but less cumbersome. Since then I actually prefer Flatpak over traditional packages (I even switched to Fedora Silverblue), as I have a global override that, for example, revokes permission to access the root of my home directory or to use the X11 display server.

      This allows me to keep a clean home directory, as applications are prevented from writing into my home directory (configuration files then automatically get stored in the Flatpak directory ~/.var instead) or, even worse, into executable files, such as ~/.bashrc. I can also be confident that applications use Wayland, if they support it, and not a less secure display server (X11). Applications that don’t support Wayland yet can either be made to run under Wayland (Chromium / Electron) or I have to grant those applications permission to actually use an X11 server (Bottles / WINE, Steam).

      On the other hand you can also opt into punching as many holes as possible into the sandbox, for example by granting applications the permission to access a local shell. That might be necessary for development tools, such as VSCodium. The thing I like about Flatpak is that it offers this kind of flexibility and you can decide on a per-application basis which system resources the application can or can not access.

      Sure, the permission model isn’t perfect (e. g. D-Bus access), but for my use-case it is a huge improvement and it gave me more flexibility with selecting my distribution, as I can get up-to-date applications anywhere via Flatpak.