'Flatpak' Is The Universal Linux Packaging Format That Puts 'Security First'

[Lucian Armasu]

The recently released "flatpak" Linux packaging format promises to make security its main priority, while also making Linux apps as universal as possible.

'Flatpak' Is The Universal Linux Packaging Format That Puts 'Security First' : Read more

 

[cwayne18]

You're way off base about Snaps here. First of all, Snaps are in no way tied to Mir (in fact we've already seen Krita running on Wayland on Arch). Secondly, Mir is not proprietary, it's free and open source, and lastly, snaps aren't really tied to the Ubuntu store, users can sideload apps without ever touching the store, the store just adds some convenience.

 

[mhall119]

None of these new packaging formats (Snap, Flatpak, AppImage, etc) have any dependency on the display server. Snaps will run on Wayland. Flatpaks will run on Mir. Both will and already do run on X11.

Flatpaks are not limited to Wayland, and they will suffer the same security concerns when run on X11 as you mentioned. Nor is it's runtime confinement in place yet.

 

[mhall119]

A few more corrections (sorry, I should have finished reading before commenting):

Flatpaks can use a Gnome or KDE platform, but they don't have to. If an app wants to include all of it's dependencies, rather than say it needs one of those platforms installed, it can do that. Platforms are also provided via Flatpak, not by the distros themselves.

However, I don't think that a flatpak can depend on more than one Platform at a time, so if your app needs Java *and* Gnome, you'll have to include one or the other in your app package.

In any case, the attack surface for both Flatpak and Snap is limited by the runtime confinement, which largely negates the added risk that bundling dependencies cause.

 

[Kernel Panic]

If only the writer of this article did more research about snaps he wouldn't have a fool of himself,

 

[Kernel Panic]

made

 

[spartan2276]

This just shows that writer is an anti Ubuntu distributions. Most open source projects use the kind of licensing he mentioned about Canonical. But somehow Canonical is wrong for using it. Yeah there is lots of FUD in this article and I thought it was only Microsoft we had to worry about pulling this kind of thing. The other camp has come out in droves with their torches and pitch forks. Jesus....