2 Likes
It’s definitively not. The most basic reason is that flatpack and any absurd stuff
like them (snap, appimage, …) can’t run the base system. You can’t deploy a kernel
via flatpack, for instance.
The reasons big enterprises push for them, and certain FLOSS devs slavishly follow
not really understating why (sorry for such a bold statement, but that’s is, I call it the
sheep effect where people try to imitate “leaders”) is simple: they want the Microsoft
classic model where software distribution is controlled by vendors, not by the distro,
or in GNU/Linux/FLOSS case by a community. They want to been able to push crappy
obscenely developed crapware with a gazillion of outdated deps, full of vulnerabilities
and having it works ok-ish on all distros keeping the package under their control.
That’s is: there is NO SINGLE REASON to package “containers”. If, for safety we do want
isolation cgroups are there for it, firejail/bubblewrap/capsicum are already made and well
known implementation on top of them. Plan 9 namespace are (as many other parts of Plan
9) “the way to go”. Containers these days are like full-stack virtualization on x86 years ago:
a commercial push sold and believed to be future, the Right Way and after years of
wasted resources just to sell iron ditched as long as a new less crappy solution appear.
Honestly an OS must be like classic OSes (Xerox SmallTalk workstations, LispM etc),
witch means a single software where anything is a function accessible to the user that
can combine them as he/she want easily. We ditch this model ONLY for commercial
purposes, because sell such system means automatically sell open source software and
in turn empower users. This model prove to be a disaster in both technical terms (actual
systems are mere bad copies of part of old systems, not joking) and social terms. With
the classic model there will be no place for GAFAM dominance, no place for always
ignorant users etc.
That’s is IMO…
4 Likes
Flatpacks generally are not designed for them right.
And developer need to write wrapper for them, while flatpack do that for you.
We ditched that model because it assumes every user is a programmer/sysadmin. Not merely technically expert but a fully fledged developer.
The old way of testing on every hundred of obscure distro, burdening software mantainers?
6 Likes
Flatpak to me as a power user is a way to encapsulate naughty applications into a place where they need to put genuine effort in to mess with the rest of my system. Flatpak is one of the well known wrappers around bubblewrap you mention, and the flatpak devs invest a lot back into that, while preparing it to function with X/Wayland. I know a few of the devs, mind you, so maybe I’m biased 
This is useful when you run video games or such, whose devs you may not entirely trust. Anti-cheat and DRM tools are often much more invasive than they have any right to be, and see the recent vulnerabilities in Minecraft and Dark Souls 3 for how poorly that industry is currently prepared to handle CVEs, despite being backed by the likes of Microsoft - and that’s just the few that are known, few security research organizations care for investigating games. The number of privilege escalation bugs in Nintendo games may be an indicator.
It also provides permission management much like you have on android phones, and hopefully brings us into a future where we can use all these proprietary blobs without having to completely compromise privacy. Most of them already ship with a full stack of statically linked libs anyway.
Flatpak will likely never be a good format to package the more integrated system components ala editors and gnutils, but it is at least in concept better at handling the ever-growing stack of complex GUI applications - both to help developers test and distribute their software, as well as users protect their devices.
It may take some time for the sandboxing to be genuinely useful to users who don’t manage the permissions manually, but it’s heaps and bounds better than running stuff like steam raw on my OS.
It won’t replace distro packaging. That is still very much needed for system software. But it will hopefully make GUI applications more accessible and safe, and keep distros from having to package complex things like Chrome, Firefox and Steam (far too much effort is distributed across distros for those three packages).
It’s a shame there is so much hostility to the project. It’s a genuinely useful tool. Any perception of it as a threat to the traditional distro model, or even just a competitor, is very misplaced.
21 Likes