Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

I feel like the Atomic Linux approach is already a better fit for desktop usage. Flatpaks for most user software along with other options to install packages with different methods if there are special/legacy requirements.

I think the only negative aspect of the approach is the sheer quantity [1] of package installation options available.

[1] https://docs.bazzite.gg/Installing_and_Managing_Software/



Flatpaks are a potential security disaster where people learn to install software of questionable provenance, not much different from other desktop operating systems where users learn to click past the warning to install binaries found on random web pages.


People will do that anyways if not from 3rd party repos like incredibly popular AURs or PPAs then good old curl | sh.

Flatpaks at least have a sandbox that can be easily configured to protect the user, does not require elevated privileges and get some limited vetting on flathub. Not to mention additional security feature like portals.


I feel like flathub and many App Store-like programs that install flatpaks do a good job showing app permissions, whether the apps are OSS, and whether the developer is verified.

I don’t see how it’s significantly different than the status quo on Windows/Mac.


Flatpak makes it very hard to see who packages what. There are apps that look official, buy are built in third-party repositories.

With distributions packages, there's a bigger barrier to entry which is at least better in avoiding sneaky malware from easily creeping in.


For one thing, barrier to entry is not a security feature. Malware has made its way into paid app stores.

I think someone running Linux wants low barrier to entry as a reason to use the system. They want a system built by communities and not by corporations with walled garden toll booth business models.

But this point is extremely weak either way when you compare to the Windows barrier to entry which is effectively zero. Or you can compare flatpak to Mac users installing software with Homebrew.

I think if you look at flathub there are very good explanations on each piece of software regarding whether the author is verified, what the license and code availability status of the package is, and which permissions are being used when installed. It seems to use relatively strong language to describe permissions features as potentially unsafe.


But its used to create the illusion that linux can be used by typing handymen.


Flathub is VERY transparent which packages are not verified and unlike system packages they come with sanboxing which if correctly configured (also transparently displayed) can mitigate malicious access.




Consider applying for YC's Winter 2026 batch! Applications are open till Nov 10

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: