Gradience, Flatseal, Loupe Image Viewer, and Resources running on Ubuntu 16.04

Firefox 118.0.2 running on Ubuntu 16.04

Door Knocker, Collision, and Cartridges running on Ubuntu 16.04

ASHPD Demo running on Ubuntu 16.04, showing a notification through XDG portals

According to Door Knocker, almost half of the portals are unavailable on Ubuntu 16.04, compared to only one unavailable on Fedora 39 with GNOME, which means Flatpaks running here may have more limited capabilities than usual.

  • @neoA
    link
    English
    -36 months ago

    Flatpak has relatively weak sandboxing, takes up a lot more storage because sometimes dependencies get bundled a few dozen times, and most distressingly depends on the application developer to be available to do things like address supply chain attacks.

    • Possibly linux
      link
      fedilink
      English
      36 months ago

      I don’t think you understand flatpaks. Flatpaks have dependencies such as the gnome or KDE frameworks. Those frameworks are only installed once so I’m not sure where you are getting the idea that they are installed multiple times.

      Also flatpaks usually come from flathub.org which is unlikely to be compromised. It not impossible but they seem to be pretty good about properly labeling apps.

    • halva
      link
      fedilink
      36 months ago

      relatively weak sandboxing

      because xorg exists, not because flatpak can’t do sandboxing well

      dependencies get bundled a few times

      only if there’s a need to do so. identical runtimes are shared

      depends on the application developer to be available to do things like supply chain attacks

      yeah as if a rogue package maintainer can’t do the same