flatpak remote-add flathub-verified --subset=verified https://dl.flathub.org/repo/flathub.flatpakrepo
        • @rollingflowerOP
          link
          Deutsch
          128 months ago

          I might have something shocking to tell you. There are distros with good defaults!

            • @rollingflowerOP
              link
              Deutsch
              38 months ago

              I can recommend a semi-rolling distro ;D wayblue has some defaults, but I have not tried it. There also is a hardened version of it under the secureblue images. Although I think the maintainer has horrible control issues, I cant deny that the product is near perfect (apart from opinionated Chromium enforcements and some hacky parts like LD_PRELOADing a different allocator) and use the kinoite variant daily.

            • @Hawk@lemmynsfw.com
              link
              fedilink
              28 months ago

              I cannot.

              Endeavour OS is great but it’s just arch.

              Gentoo with oddlama/gentoo-install is nice too.

        • Ooops
          link
          fedilink
          38 months ago

          But that’s okay as it’s rolling release and unlike other distros you only need to do it exactly once…

    • @rollingflowerOP
      link
      Deutsch
      3
      edit-2
      8 months ago

      The Arch repos, being quick, rolling, not restricted legally or being upstream of some corpo distro like Fedora or OpenSUSE etc

      Idk ask Steam?

    • @Petter1@lemm.ee
      link
      fedilink
      28 months ago

      There are people that choose flatpak for some apps and the AUR for other apps I heard from a friend 🌚

    • @ManniSturgis@lemmy.zip
      link
      fedilink
      -68 months ago

      I just want new packages and Tumbleweed sucks, and don’t even get me started on Fedora and their codec nonsense. Every time I tried Fedora I run into issues. You can’t even use their packaged version of VLC cause they don’t also package the correct version of ffmpeg. Fedora is a joke. Nobara even worse cause that one is outdated on top of it. Arch is the way and you are all wrong.

      • @rollingflowerOP
        link
        Deutsch
        48 months ago

        Agree on the Fedora problem, but the solution is pretty easy.

        # install the RPM packages, your system is auto detected, the packages take care of updating the repos
        sudo dnf install https://mirrors.rpmfusion.org/free/fedora/rpmfusion-free-release-$(rpm -E %fedora).noarch.rpm https://mirrors.rpmfusion.org/nonfree/fedora/rpmfusion-nonfree-release-$(rpm -E %fedora).noarch.rpm
        
        # enable cisco-openh264 to be sure
        sudo dnf config-manager --enable fedora-cisco-openh264
        
        # install ffmpeg with allowerase
        sudo dnf install ffmpeg --allowerasing
        
        # or, if you just want videos, without uninstalling anything
        sudo dnf install libavcodec-freeworld
        

        Thats basically it. On the Atomic variants, installing libavcodec-freeworld is just as easy, but allowerasing doesnt work so you need to uninstall everything manually to unbreak ffmpeg. Or you just use uBlue where it is already done and default (this will also avoid any rpmfusion incompatibilities to happen on your device and on the server instead)

        Yes this is annoying, but you do that once and afterwards have a current release more stable than Arch, and an old-supported release that is even more stable.

        • @ManniSturgis@lemmy.zip
          link
          fedilink
          1
          edit-2
          8 months ago

          but allowerasing doesnt work so you need to uninstall everything manually to unbreak ffmpeg

          There we go, that’s probably what I should have done. Utterly ridiculous! That’s too bad since Kinoite is the best immutable distro out there right now IMHO. (No, I don’t count NixOS)

          And we can go deeper still, cause I have also tried uBlue! And what do you know, even uBlue sucks. I swear to you I had issues I could not figure out how to solve on every single Fedora 39 thing I tried. Yes, I will admit that a user who is used to the Fedora way will have probably easily solved all those, but not me. And I could say the same about Arch, only on Arch I actually know how to solve my problems. And on Arch people would assume having to fix stuff manually, not on Fedora though. Fedora should be an “it just works” distro like Mint, but it’s SO GOD DAMN far from it. Anyways, I honestly believe the entire Fedora eco-system is straight up cursed.

          • @rollingflowerOP
            link
            Deutsch
            18 months ago

            Agree, fedora atomic is the best OS base there is. I am also testing COSMIC which is now under the ublue org.

            discussion.fedoraproject.org is there for problems.

            I agree that Fedora variants need more tweaking, but processes are so damn slow. For example setting up external repos would very well be possible, but they will add an intransparent “add external repos” page to Kinoite. At least that.

      • @jbk@discuss.tchncs.de
        link
        fedilink
        28 months ago

        Thank software patents for the codec trouble, not Fedora / Red Hat. They just don’t want to get their asses sued for free software

        Anyway I can use VLC and ffmpeg just fine with RPMFusion, idk what ur issue is, but judging by that

        you are all wrong

        i probably just wasted my time on a brainless troll like you.

        • @ManniSturgis@lemmy.zip
          link
          fedilink
          1
          edit-2
          8 months ago

          They just don’t want to get their asses sued for free software

          How come the other distros don’t seem to care? Does it just come down to them being based in the US?. They can’t be the only distro mainly based in the US, can they? VLC would not play ANYTHING. That was installed from RPMFusion in Fedora Kinoite 39. But even IF it were to work, this whole RPMFusion thing is ridiculous. If I had to install a bunch of codecs and drivers from the AUR I would say the same about Arch. That would absolutely kill the distro for me.

          i probably just wasted my time on a brainless troll like you.

          Hard to argue with that ;)

        • @ManniSturgis@lemmy.zip
          link
          fedilink
          18 months ago

          Eh, just my personal opinion. I tried it once and didn’t like it. But I can admit that is similar to me saying “Gnome sucks”. It’s obviously a matter of personal opinion.

            • @737@lemmy.blahaj.zone
              link
              fedilink
              38 months ago

              It’s an issue with zypper, if you ever updated your device, you did encounter it. Maybe you have never seen how fast Arch updates are in comparison.

              • @Petter1@lemm.ee
                link
                fedilink
                38 months ago

                Well my arch machine, I update using yay, and speed it takes differs depending on how long I haven’t use that PC. On my TW PC I don’t know the time it needs, since it does it automatically when I turn off the PC…

      • @rollingflowerOP
        link
        Deutsch
        18 months ago

        Which is not needed but a good bonus. VLC and others are still unverified, even though very well packaged.

        But I dont care about VLC anymore haha, Celluloid has Wayland support, portals, MPV configuration and is better for watching movies. Not for music though.

    • @rollingflowerOP
      link
      Deutsch
      -18 months ago

      Fair point. But when apps are on Flathub and people say “I dont care I have the AUR” they need to know.

      • the AUR has no verification at all
      • the apps have no permission system at all, so you need to trust them 100%
      • they are installed on your system and might mess up updates, give dependency errors etc.
      • their solution does not apply to nontechnical people. If a solution is not scaleable, it is not a good solution
      • @Skyflare@discuss.tchncs.de
        link
        fedilink
        48 months ago

        All you need to verify an AUR package is to read the PKGBUILD file, which is something the AUR keeps on encouraging you to do (this assumes that you trust the upstream repo, which is something that even official packagers of most distros do)

        Also a lot of flatpak packages aren’t sand boxed enough to be safe and only ends up giving false sense of security to nontechnical users

        Your last point is extremely important though, AUR is horrible for nontechnical users (which is why the AUR discourages AUR helpers)

        • @rollingflowerOP
          link
          Deutsch
          28 months ago

          Okay having an easily readable build file is a bit missing. Flathub hides that a lot.

          I think their rating system, which is on the website and also GNOME Software, displays apps with home access as insecure.

          And somehow this seems to be general knowledge and an issue about a privilege escalation through a local override was just closed. Yay

  • @infeeeee@lemm.ee
    link
    fedilink
    208 months ago

    If an AUR package wants to install 137 python dependencies, I usually search for a flatpak instead.

      • @infeeeee@lemm.ee
        link
        fedilink
        3
        edit-2
        8 months ago

        Beside what @fatihozs@mastodon.social wrote:

        • If the package wants to install an awful amount of dependencies it means those dependencies are only used by that package on my system. Flatpaks contains all dependencies, so the required disk space would be similar to the flatpak.
        • My feeling is flatpak install time is quicker in this case, to install 1 flatpak vs 138 AUR packages. I never measured it though.
        • I only do this if an insane amount of dependencies needed. Some dependencies are normal, if more than 50 than I think AUR is not an ideal way to distribute a software, or also include a -bin package.
        • If no flatpak available I still install the 137 dependencies, so nothing wrong with that, it’s simply the way I like to manage my system.
      • Fatih Özsoy
        link
        fedilink
        28 months ago

        @pineapplelover @infeeeee No, some people just don’t want to install tons of packages just for an application they want to use to. The more package means the higher chance for system breakage. It’s better checking dependencies and pkgbuild before install

        • /home/pineapplelover
          link
          fedilink
          38 months ago

          Yeah but I thought if I installed it through AUR natively then it would be better since if other programs need those same dependencies, I wouldn’t have to install them again.

    • @devilish666@lemmy.world
      link
      fedilink
      38 months ago

      Personally i like chaotic-aur because it’s already pre compiled
      The only aur packages on my is system is stacer-bin (the only cleaner i trust other than bleachbit)

      • @infeeeee@lemm.ee
        link
        fedilink
        48 months ago

        That’s install dependencies (in PKGBUILD they are called makedepends), python programs usually need them for runtime (depends in PKGBUILD). On the main page of a package they are listed together, but on the PKGBUILD they are separate

        • @Petter1@lemm.ee
          link
          fedilink
          2
          edit-2
          8 months ago

          😁 I know (well that about two types of dependencies)

          That python dependency seem more a upstream issue, not a AUR issue, isn’t it? I mean, if I install the same app from another source, it still needs those dependencies, isn’t it?

    • @taanegl@lemmy.world
      link
      fedilink
      28 months ago

      I’ve had nothing but good experiences with Flatpaks/Flathub and bad experiences with AUR/nixpkgs.

      Fedora also has it’s own Flatpak repo now with it’s own runtime.

      • @rollingflowerOP
        link
        Deutsch
        28 months ago

        Same. Ubuntu AND Fedora Libreoffice, SciDAVis and more where broken, not the Flatpaks.

        Flatpak is really meant for the big GUI apps. No problem with small distro packages really. It just takes off the huge burdens of maintaining distro packages for like Libreoffice, which is as big as the Linux Kernel.

    • @rollingflowerOP
      link
      Deutsch
      08 months ago

      You need to be more specific.

      You need to think about the background problem here.

      When Google made Android, it was web based. Their “perfect sandbox” ironically has no internet toggle. They won tons of marketshare, and iOS is not different here, both restrict apps to containers and have permission systems to reach out of these containers to access sensors, files and other data.

      Desktop operating systems are way older and have no such concept. We have mandatory access control with SELinux and Apparmor, but those are (I think) more complicated than Flatpak.

      Flatpak is a solution for multiple problems of Desktop Linux Apps at once.

      1. isolate apps with a real permission system
      2. make apps run anywhere
      3. have a single platform to target, so we dont need packagers anymore (for most GUI apps) and can file bugs upstream
      4. separating apps from the system: stable distros can have modern apps (similar to Windows) and Apps dont affect the stability of the OS at all. Also config files of such apps are in their container, not bloating your “oh so good xdg basedir”

      These are all extremely important points for a healthy, modern and secure Linux Desktop.

      But there are also issues to every point:

      1. most apps are not adapted to this model, which means they need broad static permissions like Pulseaudio, home or even host, allowing surveillance or trivial (even documented) privilege escalation. This is basically how apps like Flatseal work. Pulseaudio has no portal, do apps can listen to your mic whenever they want.
      2. Apps that “run everywhere” will not have distro-specific optimizations. The system needs to run on old LTS kernels to be universal, which means you miss out on tons of optimizations. Developers could just not care, but this depends on the app.
      3. Flatpak is more complicated than Snap (or even Appimage, if you leave the manual signing, monitoring vulnerable libraries and having a manual repo out). So it is not a great experience for “the Linux packaging model”. GNOME Builder is a good IDE for it but afaik only for GTK apps.
      4. No issues here. This is the core princible of “immutable” distros like Fedora Atomic Desktops.

      If you have issues with flatpaks, you need to be more specific. Maybe it is a packaging issue, or you expect an app to do stuff that is not