As a user, the best way to handle applications is a central repository where interoperability is guaranteed. Something like what Debian does with the base repos. I just run an install and it’s all taken care of for me. What’s more, I don’t deal with unnecessary bloat from dozens of different versions of the same library according to the needs of each separate dev/team.
So the self-contained packages must be primarily of benefit to the devs, right? Except I was just reading through how flatpak handles dependencies: runtimes, base apps, and bundling. Runtimes and base apps supply dependencies to the whole system, so they only ever get installed once… but the documentation explicitly mentions that there are only few of both meaning that most devs will either have to do what repo devs do—ensure their app works with the standard libraries—or opt for bundling.
Devs being human—and humans being animals—this means the overall average tendency will be to bundle, because that’s easier for them. Which means that I, the end user, now have more bloat, which incentivizes me to retreat to the disk-saving havens of repos, which incentivizes the devs to release on a repo anyway…
So again… who does this benefit? Or am I just completely misunderstanding the costs and benefits?
So again… who does this benefit?
It benefits me because I can install 32 bit software as Flatpak without any troubles and without messing up my whole system with 32 bit libraries dependency hell.
It benefits the end-user.
People do not want to be in dependency resolution hell; where they have three programs that all use different versions of libssl and require them to install all of them properly and point each application to the correct one. Most users have no ability to resolve problems like that. By not bundling, the application developer is forcing them to either try anyway or just not install their software.
Bundling dependencies with Flatpak or Snap helps the end user at the cost of only a few extra megabytes of space, which most users have in abundance anyway.
Traditional distro repositories also solve these dependencies for the user.
Not really; they will try to automatically download dependencies, but they don’t provide the application with resolution to the correct dependency. So upgrading libssl for one dependency could still break another.
Only if everything you need is in the repository. If you have a application you want to install that doesn’t work with your repo supplied version of library, then you are gonna have fun making it work without messing other stuff up. And end users don’t really want to deal with that. Also disk space today is cheap, compared to the time it takes to learn and fix such issues.
Mainly software vendors.
The fact that you can build a package with all dependences built in etc. Means software vendors can release a product for Linux. Without worring about all the different versions of library’s out there.
This is useful for os when trying to support less common distress. As you are not rellying on the distro to package everything. Then destros that wish to may compile more efficient versions based on there own dependencies can. But other distros are supported if they do not want to compile. Without your team having to compile for every distress.
But it also allows commercial closed source vendors to package once and know every linux system (on the hardware they choose to support) will have the dependencies expected. No matter the distro choice or other software requirements. Removing the issue with supporting every distress. As this is a common reason commercial software avoids Linux. As 100s of different distress divided between a relatively small customer base. Means support is often not cost effective.
There are a few runtimes which provide quite a few things already (for desktop and system integration) and there are a growing number of modules for other commonly used stuff, example ffmpeg (de/encoding) which other flatpaks can reuse. Also flatpak uses OSTREE to try and prevent duplication.
The more the devs work with it the better their packaging and bundeling is gonna get. At the moment it is new and they have to re-learn some things and not everything might be done in the best way possible, but that will improve with time.
And i think it benefits everyone. Devs and distro maintainers dont need to repackage, test and integrate stuff for all distors and users have stuff that has an almost 100% chance of working out-of-the-box that is also quicker with updates/fixes.
IMO, overall an improvement in comparision to the current state with deb/rpm/pkgs/… for userspace applications.