Alright, so I will have to enable RPM-Fusion and install codecs from RPM-Fusion.
Is RPM-Fusion more secure than flathub / flatpaks?
Less experienced users should try to stick with the most widely used distribution methods as there are more users who can help if they have problems.
RPM Fusion is more widely used, so may get more attention from bad actors than the others, but also gets more eyes that might see potential issues. Some applications put effort into the alternative cross-distro packaging so get more eyes from users across many distros as well as attracting attention of bad actors.
Alert to @frankjunior (from a long-time Fedora Discourse user):
- Please do not use the Project Discussion category as long as you are not a member of any of the Teams and WGs you are adding to the Discussion. This category is reserved for (hover over the Project Discussion under the Topic and it clearly states for whom this Category is):
Project Discussion
Discuss any aspect of the Fedora Project here! This space is organized by tag, and each tag corresponds to a Fedora Project Team (including Special Interest Groups and Working Groups). See the high-level mindshare and engineering tags for broad topics.
These Project/WG/IG Project Discussion #tags are used to notify other members of other/same groups/teams.
In your case there is the option to use The Water Cooler and its tags.
This is not an official Moderation message! If you, as a member of such a group, feel bothered by such Project Discussion hijacks, you can flag these kinds of Topics in the Original Post, select “other” and mention the disturbance of your workflow. This will create official Moderation actions! And can cause a block/ban of a notorious repeated knowing ignorant, who has also reached TL3 level and knows what these administrative tasks entail.
</alert> # end of Alert
RPM Fusion
RPM Fusion provides software that the Fedora Project or Red Hat doesn’t want to ship. That software is provided as precompiled RPMs for all current Fedora versions and current Red Hat Enterprise Linux or clones versions; you can use the RPM Fusion repositories with tools like yum and PackageKit.
RPM Fusion is a merger of Dribble, Freshrpms, and Livna; our goal is to simplify end-user experience by grouping as much add-on software as possible in a single location. Also see our FoundingPrinciples.
Above is the introduction on the RPM-Fusion page. Just to support what @gnwiii said. Focus the attention on one single place to concentrate and make it more simple for the end-user in the RPM/RHEL universe.
Without any judgment of what is better, the basic difference between RPM packages and a flatpak:
- RPM:
  1.1. Package of a single application with dependencies on other applications at the same version level of the OS. This means an F41 package is not necessarily working on F42 and vice versa. The dependencies change from version to version, and new functions get built into the newer OS version or obsolete apps with dependencies get removed/retired.
- Flatpak:
  2.1 Solves the dependency issue of different Fedora OS versions while delivering the dependencies in separate OS version packages. In Gnome they are called “Gnome Application Platform” and every version has its own.
  2.2 Besides that, you also have packages for the app separated for every Gnome/Fedora version. This means Flatpak is organized so that, if you upgrade to a higher version, you can still run an app from F41. It will be changed as soon as the newer package is available. This means, if you do not auto-update, you can get quite a lot of unnecessary flatpaks you do not really use.
  2.3 If I am not mistaken, if you install from the official Fedora flatpak sources or from the Flathub source, you get the packages mentioned above more than once. So nobody needs to be a mathematics genius to see that some GB get accumulated.

About security with both RPM & Flatpak, it really mostly depends on the user who uses these technologies, and how much they know about them.
Thanks for that detailed answer.
One thing I would argue is that flatpaks come in their own sandbox while everything from rpm-fusion gets layered directly into the system and even without a sandbox.
That sounds to me like flatpaks would be more secure?
Flatpak’s seccomp filter does not allow Firefox to spin up the browser’s chroot and namespace sandbox layers, which is way more important than the rather weak Flatpak sandbox and the reason why you should not use browsers as a Flatpak.
Yes, on Atomic desktops like Silverblue. On an RPM Workstation it is even more of a problem. That is why I mentioned that a user needs to know what he does. Unfortunately a lot of users try to put this responsibility on the Project, instead of having their own strategy to protect themselves a bit more.
As an example, say to use a secure password with 20 or more characters, numbers & letters. But while the password is complex to memorize, just make a Post-it and tag it on the screen or under the keyboard. It might protect you from network attackers with the objective to guess it using a dictionary. This extra layer of security has a hole, and these are the additional eyes which can see the note. I guess the dilemma is understandable, right?
This is relative, it depends on the perspective how you see it.
As an example, you might have a brand new computer with 32GB RAM, an NVMe with 1TB and a fast enough processor to handle all that stuff. While a second user just uses an older i5 processor with 8GB RAM and an SSD with 120GB. This user might not say it is just “a Bit Bigger”.
“Stuff Just Works” is not an argument which gives everyone the freedom to use or not to use it. There are unofficial flatpaks (from other sources than Fedora) which you can use while connecting to the Flathub. Whether these are secure or not you have to decide for yourselves, while also reading @powerhouse's comment.
Sorry guys, I have to move this to the watercooler area.
Actually I think Mozilla provides generic DEB packages.
The day Fedora enforces flatpaks on everybody is when I would have to move elsewhere.
Apologies for the late reply, yes I agree with you. My post was confusing, I meant people are put off by the Flatpak version not having User Namespaces sandboxing.