How safe is LURE?

Shared dependencies or death
Docker

🤔

But snaps do have shared dependencies to a degree. Also, do you use gentoo?

Flatpaks and snaps both have shared dependencies, just at a less granular level than debs. OCI images and VMs are pretty much the extreme opposite of shared dependencies.

On arch?

os-tree is slow as molasses

Have you met nix?

finally, somebody in this thread who doesn’t live in the past.

System package manager is for system binaries. Not for applications.

Linux From Scratch user detected

AUR changed my life

|sudo bash

this is probably an edge case but I do when i visit family and friends. these trips are short and infrequent enough that a laptop would be an unnecessary expense and i’m not driving through mountainous areas with my tower. none of them use linux. most have aged windows or mac machines. they don’t care if i run a live system or puppy linux from a USB drive. i add a handful of appimages i’ll use at night or if there’s free time. I’m sure there are better ways but it works for me.

for transcripts, i built tesseract from source

LFS Ftw!

I have a few source built packages that I use every day.

Loading up my system with several development libraries to compile a program is preferable to taking a giant dump on my system in the form of soypacks.

Nothing necessarily at the tech level. They’re more capable than Appimages or flatpaks to the point that you can use it to build a reproducible system hardened against tampering or defective updates.

The downside is that it’s controlled entirely by canonical, has limited abilities (if any?) for hosting storefronts/packages outside of their ecosystem, and said ecosystem is insecure and has already allowed multiple waves of malicious apps to reach end users because of poor moderation of listings masquerading as legitimate versions.

Canonical has also been increasingly hostile to flatpaks - removing it from Ubuntu and derivatives by default to push users towards snap.

The whole loopfs thing is just an annoyance, but the aggressive posturing by canonical as well as the closed nature of the storefront that has led to malicious attacks on end users is enough to give it more than a few haters.

Snaps are a standard for apps that Ubuntu’s parent company, Canonical, has been trying to push for years.

The issue that most people have with them, is that Canonical controls the servers, which are closed source. Meaning that only they can distribute Snap software, which many Linux users feel violates the spirit & intention of the wider free and open source community.

Appimages and Flatpaks are fully open source standards, anybody can package their software in those ways and distribute them however they want.

.deb files are software packaged for the Debian distribution, and frequently also work with other distros that are based on Debian, like Linux Mint.

The snap store is some proprietary store Canonical runs, and snaps are friggin huge in size. I don’t really know though as I don’t use Ubuntu anymore

I don’t think snaps are bad (and when someone tries to explain why they are, about 85% of the time they say something wrong enough that I suspect they’re probably just parroting someone else rather than actually knowing what’s going on). It’s sad, because if we could get rid of the bullshit we could actually have decent discussions about the benefits and shortcomings of snaps (and how to fix those shortcomings).

On the .deb front: it’s a package format made by Debian. Each archive contains a data tarball, which has the files in the package in their full structure from /, and a control tarball, which contains metadata such as name, version and dependencies as well as pre-install, pre-remove, post-install and post-remove scripts, which are used doing any setup or removal work that can’t be done just by extracting or deleting the files.

The upside of deb files is that they tend to be pretty small. The downside is that this typically comes from having a tight coupling to library versions on the system, which means upgrading a library can break seemingly unrelated things. (This is why you get warnings like this page: https://wiki.debian.org/DontBreakDebian) Many third party distributors (e.g. Google with Chrome) take care of this by packaging most dependencies inside the deb, inflating the size.

Another major difference between packages like debs and rpms and newer formats like snaps and flatpaks is that the latter have confinement systems to prevent apps from having full access to your system.

The primary thing I hate about them is that every snap package appears to your system as a separate mounted filesystem. So if you look in your file explorer, you can potentially see dozens of phantom drives clogging up your sidebar.

This may be true from your perspective but won’t sway over many newbies / plebs who don’t have the knowledge (yet) or who simply do not have or want to take the time for self packaging.

And flatpak, snap and appimage tend to become the standard to get verified, tried and tested software hosted & supported by the official maintainers or the company behind the software.

Now to the personal part:

There was a time when I was motivated enough to get packages from user repos - I actually never was motivated enough to do self packaging so maybe I have missed something world changing - but I got so tired of having to figure out the missing “optional” dependencies that meant the software wasn’t working as expected and having to trust 3rd party maintainers when most stuff on flathub was “install & ready” and officially supported or at least hosted by a “verified” source. And maybe distro xyz has a mindblowing solution to all my problems but for the moment I am happy with what I have and not looking for yet another distrohopping and yet another point was whilst distrohopping it was soo easy that I could use the same install.sh containing all my favourite flatpak apps & the “applications” folder containing my favourite appimages no matter if I was on a Debian, RedHat, Arch, … based distribution.