How does Silverblue fit into the future of Fedora?

Continuing the discussion from Fedora in 2025: what do we want, and how will we get there?:

OStree-based host is default.

1 Like

This is an interesting prospect but it requires a lot more work on flatpak and the accompanying portal APIs, which currently cover the easiest 80 percent of use cases. Software in the remaining 20 percent can’t yet be sandboxed without losing important functionality. Besides the IDEs or programs with advanced printing or scanning capabilities, there are many corner cases such as browser extensions for sandboxed browsers or process tracking, or managing keyboard shortcuts.

1 Like

Silverblue seems to often be mentioned as a future goal for Fedora. I understand the appeal of an immutable base. It may be great for regular users but as a developer this seems like a horrible experience. Feel free to correct me if I wrong. Articles seem to suggest you install graphical applications with Flatpak and use toolbx to create containers if you need to do development. Wouldn’t this mean that if I’m working on a graphical program and use a library that is not in Silverblue I can’t run my program easily.

Given the recent log4j bug, there is an advantage to keeping only a single copy of library around but flatpaks would proliferate libraries not included in the flatpak base. @casey128 mentioned the difficulty is getting the remaining features in flatpak. I’ve already found Fedora’s preference for flatpak to be annoying. I installed Evolution and had no accounts setup because it put it config files in a different location. I installed Gimp and found screenshot is not available.

I was surprised to learn we aren’t even getting the security we were sold.

I probably should install Silverblue in a VM to try it out.

1 Like

Those are the kind of kinks that should be ironed out before Silverblue can be made the default experience. Anyway, maybe for your use case you could install all your libraries and tools inside toolbx and launch them from there, since you can launch graphical apps installed in toolbx without issue.

That article you mentioned is mostly FUD. Some criticisms are fair, but in any case flatpak is better than what we have now from the end-user perspective. It should be noted that flatpak is only used for user apps, not system libraries.

Even though most flatpak apps come with very open permissions for convenience, nothing prevents you from restricting them right now, even with a GUI by using Flatseal, and nothing prevents us from restricting those permissions by default through Flatpak portals and asking for confirmation from users before installing apps with too many permissions. You might be interested in this podcast where the director of EndlessOS responds to the fair critics on that article.

2 Likes

Good to know toolbx can run graphical apps. I guess I really should give it a try. It sounded like it brought you into a container where you could do only command line stuff.

I’m still not sold on most programs use one of five runtimes.

Fedora rpms have the added effect that I can look up how to build the program from the source rpm. In a world where developers package their own programs we could end up with more things being open source in theory but in pratice you can’t build it. Granted the podcast is right no distro can build the full volume of software out there.

2 Likes