Fedora and Debian have similar philosophies. FOSS only, packages must be built from source, no vendored dependencies. So they have similar policies regarding security and Fedora Flatpaks align closer to that than Flathub.
I believe Debian also doesn’t ship patented codecs in their main repo.
Depends what you mean by “problem”. The biggest problem with traditional packages like debs and rpms is that compatibility sucks. They only reliably run on the distro and version they are designed for. Third party packages typically build on old dependencies and hope that backwards compatibility will allow them to run without issue on later distro versions.
Yes, it’s redundant to have have the same app packaged as flatpaks. Though I don’t think that redundancy is necessarily a bad thing. Flathub is not a profitable project and has up to this point relied on Gnome for funding. There’s work being done to spin it out to be it’s own thing and hopefully be supported by paid apps. But what if that fails and it shuts down? Or less dramatically, what if Flathub has a major outage?
One of the common complaints against snap is that there is only one store, controlled by Canonical. Flatpak is designed to support multiple stores. I don’t see why they can’t exist side by side. That’s exactly what I do. I have dozens of apps installed from each source.
And to address the claim of what if “each distro decides to make a flatpak repo according to their own philosophies?”. I guess that would depend on how many resources are being poured into supporting that. If flatpak continues to push for OCI support, then that would make it easier for distros to have their own remotes, if they desire. If not, they can just use an existing option. Whether that be Flathub or Fedora. Personally, I think Fedora Flatpaks are a good match for Debian and OpenSUSE’s policies, only real downside is that major Gnome app updates would be a month delayed, annoying Tumbleweed users.
There are broken Flatpaks in Flathub too. Does Flathub deserve legal threats too? No.
Not distro specific. They are Flatpaks built according to Fedora’s philosophy. But you can use them anywhere. I’ve used them on Ubuntu and OpenSUSE.
Last update (which replaced Discover with Bazaar) changed that.
In a way, true. But I don’t think they are using flatpak’s filter mechanism. I believe the filtering is done by Bazaar itself. That means that even if Bazaar is hiding an app, you are still able to install it manually from the CLI.
The intent is also different. Bazaar is filtering out footguns, like the Steam flatpak on Bazzite (since Steam is preinstalled as an RPM) and Bluefin hides flatpak IDEs.
All FLOSS apps on Flathub are built on trusted platforms by default, in the open and verifiable.
That’s not true. Take LocalSend as an example. It does not build LocalSend on Flathub. It simply takes a GitHub release URL of a compiled tar.gz. And GitHub releases do not have to be built on GitHub, you are able to upload any local file and have it shown as a release.
The sudden success of Bazzite comes from how easy it is to use.
I agree. But it’s also important to have principles and to stick to them. The great thing about Fedora Atomic is that Fedora is able to create their FLOSS OS following their principles and others are able to take that base and build upon it to create their vision.
Fedora doesn’t have to be for everyone.
What OBS did was bad. They should not have stuck to an EOL runtime, period. It would have been better if they temporarily moved to a supported freedesktop runtime and vendored in their Qt dependencies. That way, they would have been using a supported runtime while still using their outdated Qt version until the upstream issues were fixed.
Not at all.
A recovery code. I did a test install of Aeon and was given the code: dhnhlgc-fbndjbni-ufrkcfnk-nfebvtut-ftkkiiur-tijidtub-hujnucgu-erduhije
64 digits, but only alphabetical and a certain subset (16/26) due to weirdness of keyboard layouts.
TPM is used for measured boot. Measured boot can check various parts of the system to ensure they are the expected values haven’t been tampered with. You don’t want a part of the system to be replaced with malware and not realize it.
If it detects something changed, it won’t release its secret. It may signal to you that something malicious was done or something benign that the OS updated didn’t account for.
TPM unlocking FDE is complicated for me. I fully understand measured boot and support it, but it seems less secure to me than manually unlocking the disk.
Once the disk is unlocked and you’re put onto the display manager, I feel like there are many more vulnerabilities that could be exploited to gain access to your data.
With manually entering the disk password, the data is locked. You either need to brute force it or use the XKCD wrench method.
So I feel TPM+Pin is the best for security. Unfortunately Aeon, which is based on OpenSUSE and implements TPM, doesn’t support TPM+Pin. I think it’s mainly due to how poor and widespread TPM support is. It could lock you out entirely.
Not any PiP window, only ones that use the protocol. Firefox should use it. Though I’d be surprised if there wasn’t some Kwin extension to automatically make the PiP windows always on top like the extension you mentioned or the Gnome “PiP on top” extension
There’s still plenty of inefficiencies to criticize.
Sorry, meant to say Firefox OS.
Anyways, fixed it.
I’ve had no issues with the ProtonVPN flatpak on Fedora Silverblue.
SteamOS does not get reported as Arch.
I don’t think nonfree is enabled by default. Though I guess the repos are still hosted by debian, unlike RPMFusion. Though Fedora does treat it as semi-official given that parts of it can be enabled during first setup.