Let's just kill the silly myths

I know that Ubuntu 22.04 is out and everyone's all fired up about everything and there's discussions on the net about snaps and flatpaks and appimages and all this stuff, so I'm tired of just reposting the same things so let me get the basics out of the way.

In this post I'm going to try to address some of the issues people have with these newfangled packaging formats:

We're talking about client

Traditional linux distros run the modern world. Period, end of list. We're not talking about systems run by professional system administrators, we're talking about client Linux. However if you're in the Flatcar, CoreOS, or Talos gang, hell yeah, cloud represent!

Moving on tho ...

Rose colored glasses

There are way too many posts where people are romanticizing the traditional distro model. There are over 20,000 source packages in Debian. The idea that you walk into your distro bar and your friendly neighborhood bud/bartender has meticulously curated you a special blend of trusted software and is ensuring that upstream isn't being evil is at best a naive way to look at it. Don't believe me? We all go to the same conferences, that person is drowning in unreasonable expectations, critical bugs, unreasonable demands for a volunteer, and all the "glory" involved with being a distribution packager.

THEY DON'T WANT ROOT ON YOUR COMPUTER EITHER, go ask them.

We want gatekeepers where it makes sense, when it comes to my core operating system I want the strictness to be turned up to eleven. It has to be, packages are installed as root, there's trust stuff there. I want that level of strictness in my OS, I don't think anyone's arguing against that.

However, I need my bling, and sometimes I need it. I have to have Slack in order to use Linux at work, yelling at your company to switch to Matrix is just not an option. That software will not be reviewed by your distro maintainer, and guess what, they're going to bundle all the things anyway (go look!), so might as well wrap it in a sandbox, the entire "Debian Way" goes out the window the minute you've installed debs from third parties.

You can't uninvent GitHub

The amount of OSS software continues to have explosive growth, this is a good thing! Asking a few hundred volunteers across X distros to handle this for the entire planet will absolutely not scale, we know this because we've been through this before on cloud and mobile.

The only way this works is how it worked for cloud and mobile, you move to a least-trust model, let people self serve and then give those things the least amount of permissions that you can by default, and then let the user toggle how many extra permissions to give that app, you don't start off with root permissions. If you know Slack is going to bundle the planet in a .deb then why give it root permissions?

FlatHub is not perfect

I'm not clairvoyant, and Flathub is not perfect, but reverting to a PPA of Firefox that has root access to your entire machine is for sure not the solution. Please stop telling people to do that. Too many apps have lax permissions, and yeah, it needs to be tightened up, but giving all the apps root by default isn't a better solution.

Rob McQueen and I will be talking at the Linux Application Summit about this very subject this Friday, I hope you join us!

For me personally, Silverblue 35 was the turning point, by now it's easier to fix the warts in Flathub than it is to boil the ocean.

Flatpak is only part of the solution

My friend Jeremy Garcia succinctly said that the problem with the linux desktop is that it's not a product. And that sucks, but that ship has sailed so let me flip it.

Flatpak and Flathub by itself make little sense. We're in that weird transitional period where people don't get it, their distro is fine, maybe they tried it and it didn't work.

The Linux desktop is in the middle of a model shift. Everyone had a field day flaming Pop OS when Linus Tech Tips broke their OS. Could have happened to anyone, it was just their turn.

Thankfully having a top tech YouTuber destroy their OS by trying to install Steam is the extinction-level event the traditional desktop Linux needed.

Least-trust applications are only part of the solution. We need Wayland for this, and if we're going to have to adapt as users we might as well make parts of the filesystem read-only. Other Linuxes have proven that this model works, only the traditional linux desktop is stuck in this old-school mentality where every application you install has full permissions over the entire computer.

Due to the tragedy of the commons, we can't just plop a stable OS on your laptop with the quality guarantees that we love about traditional distros with the freshness of apps that other platforms enjoy (including other Linuxes, ffs!). So many pieces are landing right now, and in many cases it's not in the right order.

We're in luck, Fedora Silverblue, openSUSE MicroOS (and their announced plans for ALP!), EndlessOS, and others are breaking the new ground here. And sure, SteamOS and Steam Deck landed a bit hot, but at some point people are going to wonder why their normal Linux distro isn't as reliable. Multiple vendors pushing the model forward, feel free to choose one and roll with it, and let's not forget Nix and NixOS, there are plenty of non-commercial options in the space.

Stop politicizing git remotes

The whole idea that distro maintainers know what's up and that they're the lone gatekeepers keeping you safe from all those idiotic app developers makes no sense in real life.

First of all, the app developers working at these companies are allies, because I can guarantee you that for most of these companies the Linux desktop makes zero financial sense, and if they could, they would prefer to not deal with your bullshit.

These people use Linux, they're out there advocating for their org to do a better job, in many cases against unsurmountable odds, and it's not their fault that your belief system doesn't match with economic reality. In many cases they're the ones working on OSS on the side working on other cool projects!

Yeah it sucks that some ISVs don't package their stuff, and our own community is stepping up to package that stuff up, do the hard work, and put a bow on it so that when that Linux fan at that company wants to make the argument that supporting our platform is a good idea that we've given them the ammunition to make the argument. Craig McLuckie taught me this, it's called "Arm the rebels", and it's one of the many reasons Kubernetes was so successful, give your allies the tools they need to make the argument. Again, Linux has been there before in cloud, we're just applying those same techniques to desktop.

Also, you won't believe where lots of these Linux app developers cut their teeth, surprise: it's working on distros! Stop artificially dividing people, we're all pipeline builders now, it doesn't matter where people push their stuff as long as the work is getting done.

Stop romanticizing outdated models

The Linux desktop application model is broken. Start acting like the technical vanguards you claim to be, there is no future where every application you install gives root access to your computer to that vendor.  

The only way this works is we give apps the least amount of permissions that they need, and if they need to do stuff we give them well understood APIs (like xdg portals) to negotiate the shit that they need and you just review and control how they do their business.

It's easier to help out

Flathub and flatpaks aren't perfect, and they might not be the future, but after doing this for about 20 years I am convinced that the best thing for the Linux desktop to do is to change the model: All applications should be untrusted by default, and the user should determine whether a fart app should have access to your ssh keys. ffs.
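To make the "lax permissions" and ssh-keys points concrete, here is an added example (not from the original post or from the Flatpak project) that audits one app's static permissions in the keyfile format printed by `flatpak info --show-permissions <app-id>`. The sample metadata and the choice of checks are assumptions made for illustration.

```python
import configparser

# Constructed sample in the keyfile format printed by
# `flatpak info --show-permissions <app-id>`; the app is hypothetical.
SAMPLE_METADATA = """\
[Context]
shared=network;ipc;
sockets=x11;wayland;pulseaudio;
devices=dri;
filesystems=home:ro;xdg-download;!xdg-music;

[Session Bus Policy]
org.freedesktop.Notifications=talk
org.freedesktop.Flatpak=talk
"""

# Filesystem grants that make ~/.ssh readable from inside the sandbox.
EXPOSES_SSH_KEYS = {"host", "home", "~/.ssh"}


def _items(parser, section, key):
    """Return the ';'-separated values of a key, or [] if it is absent."""
    raw = parser.get(section, key, fallback="")
    return [v.strip() for v in raw.split(";") if v.strip()]


def audit_permissions(metadata_text):
    """Return a sorted list of findings for one app's static permissions."""
    parser = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    parser.optionxform = str  # keep key case: D-Bus names are case-sensitive
    parser.read_string(metadata_text)
    findings = []
    for entry in _items(parser, "Context", "filesystems"):
        if entry.startswith("!"):  # negated entry: access is removed
            continue
        path = entry.split(":", 1)[0].rstrip("/")  # drop :ro / :rw / :create
        if path in EXPOSES_SSH_KEYS:
            findings.append(f"filesystem '{entry}' exposes ~/.ssh")
    if "x11" in _items(parser, "Context", "sockets"):
        findings.append("socket 'x11' lets the app observe other X11 clients")
    if "all" in _items(parser, "Context", "devices"):
        findings.append("devices 'all' exposes every device node")
    if parser.get("Session Bus Policy", "org.freedesktop.Flatpak", fallback=""):
        findings.append("D-Bus org.freedesktop.Flatpak allows host commands")
    return sorted(findings)


if __name__ == "__main__":
    for finding in audit_permissions(SAMPLE_METADATA):
        print("WARN:", finding)
```

A finding such as the `home:ro` one can be tightened per user with `flatpak override --user --nofilesystem=home <app-id>`.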

That being said even if you don't like how flatpak/hub are working out, it's better than what we have now, and the community knows where we need to go, it's just a matter of hands on keyboards, this doesn't have to be another decade-long transition like how Wayland was. I'm too old man, I'm not willing to make that kind of commitment, and that's why I participate! Let's just get it over with!
