I’m new to Linux and recently switched to Fedora Workstation 41 from Windows 11. I’ve embraced the idea of using Flatpak apps and have installed most of my daily use apps as Flatpaks, including Firefox, GNOME core apps (like Calculator, Connections, Boxes, Calendar, Contacts, etc.), chat apps (Discord), LibreOffice, and several development tools (JetBrains Rider, Android Studio, VS Code, Postman).
However, I’ve run into a few issues with Flatpak apps:
GNOME Connections has keyboard mapping issues.
GNOME Boxes doesn’t support USB passthrough.
Firefox occasionally has issues uploading files.
I’ve read that Flatpak is the future and has come a long way, with many people saying it’s stable. But when I ask about these issues, I often get suggestions to use the RPM versions (from Fedora repos) instead of Flatpaks.
I tend to avoid mixing RPM and Flatpak formats, or at least want to have a clear boundary (e.g., GNOME core apps as RPMs and other apps as Flatpaks).
My question is: Am I doing something wrong by using all Flatpak apps? Should I stick to using RPMs for everything, and only use Flatpak when an app isn’t available in the Fedora repos as an RPM? How do you all manage your app installations—Flatpak vs RPM?
I haven’t used Flatpaks in a serious manner since once in F38, but generally speaking I’ve seen others reporting strange issues only seen with Flatpaks, there’s that recent OBS Studio ordeal, and I don’t like the idea of Flatpaks being pushed largely for convenience (it introduces more issues that don’t exist if you know what you’re doing to also be doing things outside of Flatpak willingly ). I feel it’s a safety net shuffling responsibilities where they shouldn’t be.
Both within fedora itself and within each and every flatpak there exist software supply chain questions. There is plenty of risk that software that causes harm, whether intentionally or otherwise, makes onto any system. Now there are some within the population of users who have the expertise to audit and evaluate software and attempt to provide safe, privacy preserving, bug free software to the public.
The question is: who do you trust? The fedora yum repositories have a great story. When I use a fedora packaged rpm I mostly ascribe to it the same level of trust for quality and safety as any other package from fedora.
With a flatpack from flathub I have to do the due diligence of evaluating the software myself including each runtime the flatpak may use. If a project publishes their software on flathub and that project has a great track record of producing safe, high quality product great. Even then I have to be willing to accomodate the very large storage penalty and put up with the difficulties portals introduce and expect that each flatpak has full access to my HOME.
If I have a choice of using a fedora rpm or a trustworthy project’s flatpak I would rather go with the rpm today. For years I have been “sandboxing” by performing different functions under different user accounts which is much stronger than what flatpaks can offer. More and more I have been looking into even stronger isolation using podman rather than flatpak which requires a journey with a steep learning curve.
). I feel it’s a safety net shuffling responsibilities where they shouldn’t be.
Or someones opinion.