Sell me on Atomic, CoreOS, Flatpaks, and Containers

I’m seeing hints Fedora is moving towards prioritizing those things, and I’ve been actively avoiding them because I find their concepts not necessary.

I have my thoughts on the topics below, and I welcome all clarifications (a lot are assumptions)!


Flatpaks feel like a bulky, entire system (like systemd), filled with unofficial developers (packages still need vetting and thus security concerns), and a larger “solution” than the old-school way of just finding libraries and symlinking them for the rare programs that need that, or running it through Wine.

I don’t want to be vetting packages. I don’t want to be having another repo on my computer if I can help it (I already have an issue with RPM Fusion). And really the only time I needed a Flatpak was to play Hexen with Doomsday Engine on Fedora 39, and it didn’t even work (didn’t debug it; but it’s in openSUSE’s default repos and works).

I like running stuff as close to bare-metal as possible. I have a problem with the concept of Wayland (like doing libinput → evdev instead of just evdev on Xorg). I have a problem with Flatpaks pulling in an entire Mesa library based on some old version the unofficial dev last tested a year ago; yeah it’s cool that it’ll run still, but that’s an incredibly sub-optimal way to go about it.

I also like the best possible performance real-world and in-concept, so any extra layers that are there for compatibility are a no-go for the most part (I tolerated libinput fine until I found I could still force evdev on GNOME 46 on Xorg :stuck_out_tongue: )


I do servers bare-metal and believe security comes from the OS, good sysadmin practices, and traditional physical protection and backup/recovery.

Atomic and immutable distros I feel imply the main distro lacks QA to deliver safe updates, or that the distro can break just by moving the cursor in a specific gesture (unstable).

I’ve done servers with openSUSE Tumbleweed and Fedora Server with unattended daily updates for close to 10 years and never had a broken update or a failed reboot, and generally know not to be doing silly things to be causing boot to fail on servers (like deleting /boot because :person_shrugging: ). I do daily backups too, so if a HDD failed, whatever I manually rebuild and have it back up within an hour or two. So I don’t quite get immutable on servers.

On workstations/PCs, I feel it’s a hindrance to power-users and only for protecting newbies from… deleting /boot because it’ll make GRUB faster. I don’t like this protection as I feel it only continues a growing cycle of not exposing users to how to diagnose traditional issues. I know there’s better wording for that and I’ll come back to it :stuck_out_tongue:

If the distro has good QA, updates aren’t breaking a system. If the distro has good leadership, it’ll provide access to good repos for proprietary or specialized drivers (NVIDIA, ROCm, bleeding-edge Mesa, etc), and these repos won’t be pushing stuff that will break a system. I know Ubuntu is fine. RPM Fusion and that mesa-freeworld ordeal dropped my confidence in Fedora since they also use RPM Fusion for NV drivers (but iirc it was just a NV driver repo so I might be ok with that by itself). Fedora on the Intel UHD 630 I have works fine without anything from RPM Fusion, and the last AMD GPU I had also had a good Ryzen CPU to handle any video I wanted, so I’m fine with Fedora on open-source graphics for now.


I run things on servers on the host OS as-is, and that host OS is running on bare-metal (but I’ll tolerate VMs on VPS). The idea I get of Containers is that it’s another Flatpak, but for server stuff, and running that stuff inside their own (containers) VM.

I use Fedora Server and openSUSE TW and the stuff I run runs with the latest tech. Generally speaking my stuff is mainly a webserver with LEMP, but I was doing this with game servers a while back too and latest GCC. The stuff I run runs with the latest tech, which the distros provide in fast order; I didn’t need to have a specific outdated version of anything or to lock versions.

If I needed specific older versions of things (like nginx to run a certain extension), then I can maybe understand containers on servers. And if I had to run one thing in a container, I’d try for everything at that point just for consistency. I guess that would be the point of CoreOS?


Most of my view is only as an end-user with a homelab. I like the current Workstation edition being GNOME, it still having an Xorg session, and it not being Atomic.

I can see the appeal of large-scale enterprise needing centralized, consistent software across fleets of computers. And for those ordeals, Fedora is where I’d look first for Atomic distros and CoreOS.

And Flatpak? I can run a repo just for the organization, and it’s convenient it’s already baked into Fedora!

And I suppose containers have to be good enough if Fedora has a whole OS with it in-mind, so if I’m already streamlining everything, containers sound like a plan too!

3 Likes

There are large projects with very small user communities and that are hard to package because distro packages for key libraries don’t enable some key features.
One that I used from 1997 until 2018 was distributed with source and a set of scripts to build libraries with the required configuration. The Julia language is another example that is difficult to package. These projects have user communities that are focused on application of the packages and benefit when all members of the community are using the same binaries even though many different distros are being used.

There aren’t enough Linux developers and packagers to meet the needs of all the niche communities using rare programs. In cases where a distro library failed to enable options required by a “niche” system, you need workarounds like environment modules to ensure that distro software can use the distro versions of libraries while the niche system will use a locally compiled version built with the required configuration. In many fields, the added storage needed for flatpaks is trivial compared to the size of files being processed.

I’ve argued hard with vendors to get them to package their software for Fedora and, for a lot of them, I had to concede that Flatpak makes more sense for them. By creating flatpaks, they don’t need to coordinate with other packagers (who may be AWOL) and they can have one release and have it run everyone.

2 Likes

From my perspective, containers are way more convenient than VMs.
If you use several VMs, you’ll waste a lot of system resources because of the overhead each VM brings with it. Each one brings along its entire Operating System, that requires certain resources to be assigned. If you have 15 VMs, you’ll end up having 15 kernels, 15 times the same processes, 15 times the RAM needed, 15 times the CPUs assigned … and so on.

Containers basically are just isolated process trees, think about it as some kind of a more sophisticated change root environment, therefore they use a lot of the host system resources while still being isolated from the host and between each other.

Flatpak and containers have some similarities, however Flatpaks are more or less software bundles designed to blend into your Desktop, Containers are meant to offer Microservices that are isolated from the rest of the operating system, just offering a service over a port or something like this to the outside world.

1 Like

I agree with everything.

The answer was already given, it is all about corporate and governmental environments. We are testing technologies that may or may not be good for selling services and products in those areas.

I was told you cannot write of “controversial ideas” here so either you have some superpower or you will be censored.
:slight_smile:

1 Like

Fedora Atomic doesn’t break. If it gets too random for you, you can reset the system.

This simply does not exist on traditional Linux.

Your system is nearly completely independent from itself, it mirrors what Fedora releases.

Exclusions are /var and /etc, which are things that are thought of

Why would I want that over Fedora Workstation? It too doesn’t break :stuck_out_tongue:

Resetting /etc makes sense, but holds a lot of assumptions to other software to handle that gracefully. How do I know app-723 is going to handle having config in /etc one day, and then all of a sudden not having that previously-expected data because of an unrelated OS-side erasing of that data?

Or rather, how can I trust that no other software is going to mishandle that? That might be fine for 100/103 apps, and then a few months down the line I decide to try niche-app 101 and boom, that reset from months ago is now an unexpected issue from a procedure outside of that app’s design, now with a troubleshooting process unique to Fedora Atomic.

What I know works and generally fail-proof is cleaning up data or manually resetting stuff specific to those apps, and doing fresh OS installs every 6 months with Fedora’s release schedule :stuck_out_tongue: and being able to re-apply my configs real-time with updated tools.

1 Like

Well, I currently have a broken Fedora system, it is not Workstation but KDE, but the issues should be the same.

4 Likes

The first issue is related to Rawhide, although it probably happens once every few releases.

The solution to the latter is described in the Fedora Silverblue official docs.

FWIW, the situation related to container native OSTree (and bootc) is even more challenging, but IMHO this is the way forward.

As the person who wrote the second topic, I have to say that it was my inexperience to blame more than anything else. However, it was resolved pretty quickly with multiple community members giving me answers and a moderator linking me to the explanation in official documentation. A good showing for support and documentation behind Silverblue.

Atomic desktops are clearly different but a lot of that difference comes down to adopting an overall more stable system. To me, it feels like the first time I started using a Linux distro. Sure, we need to relearn some behaviors, but it also incentivizes better habits and hopefully leads to a more sustainable ecosystem.

1 Like

I empathize with this. I’ve used Silverblue for some time in the past. I’m not against the atomic concept but it is a different workflow that I’m not used to and isn’t really something I want to use so I hope Fedora keeps them both available for the foreseeable future.

1 Like