OBS-tacle course: Fedora and Flathub's Flatpak fiasco sparks repo rumble

A clash over different Flatpak-packaged versions of OBS Studio highlights problems with distro-maintained software repositories versus external ones. The dispute between the Fedora Project and the collective behind OBS Studio has been settled. For now, peace has been restored, but the situation has shed light on several …

  1. mark l 2 Silver badge

    I am not sure why Fedora maintainers felt like they needed to have their own Flatpak version of OBS when an officially verified one from the OBS devs was on Flathub.

    Even if they felt the Flathub verification policy wasn't as good as their own, it's clear that the OBS version on Flathub is the official one and not a security risk to Fedora users.

  2. Mockup1974

    >Fedora sets its own repo to have priority over Flathub, and it's not that easy to change the priorities. Users need to type a long gsettings command in the terminal.

    Imagine using GNOME! In KDE Discover, it's done with one click.

    1. VLSI

      It's a switch on F-Droid too, and a QR code to add a repo. You can pick which repo you'd like to install an app from on the app page.

      Honestly, distros should just focus on testing and development, making sure everything works, rather than worry too much about packaging unless there's no choice. If they make sandboxing easy, even damage from scam apps can be limited.

    2. Liam Proven (Written by Reg staff) Silver badge

      > Imagine using GNOME! In KDE Discover, it's done with one click.

      GNOME is about radical simplicity.

      KDE is about making every option the developers can imagine available even if that means 42 different options for something that other desktops have 1 button for.

      https://koplowicz.com/content/kde-vs-gnome-2

      They are both wrong, IMHO, and the only sensible usable option that's in active maintenance is Xfce.

      But yeah... KDE wins this particular round.

      Also, remember, GNOME is from Red Hat. RH is part of IBM.

      IBM did not fit reset buttons to its PCs because a reset button means that IBM is admitting that its PCs crash, and the company cannot admit that.

      So, when it crashed, because it's a PC, and PCs crash, you had to power-cycle it. That takes 10-20x longer and if you rushed it you could crash the heads of your hard disk.

      But IBM could not build in a feature that admitted that its products were imperfect. The company culture forbade it, even if that made it worse for users.

      Red Hat's company culture is not entirely different. It has an in-house reality distortion field that compares to Steve Jobs' one.

      1. An_Old_Dog Silver badge

        IBM & PC Reset Buttons

        IBM should have just provided a PC reset switch, and labelled it "IPL". Problem solved!

        ("IPL" is IBM mainframe-speak for "Initial Program Load".)

  3. Graham Cobb

    Surely users can understand the choice between slow-but-sure and sexy-but-edgey?

    OK, I don't use either OBS or Fedora, but this problem has been around ever since distros were invented. I don't think users find it hard to understand the choice between a safe, stable, supported but rather old release and a new, sexy, but buggy release.

    All this issue means is that (i) distros should make it easy to switch between using the latest distro version of an app or the (main) non-distro version, and (ii) the distro should commit to tracking serious upstream bug-fixes and incorporating them into their version of the package (or, if that is going to be too hard, dropping the package from the distro).

    All I ask from my distro is that the packages it ships are supported, with critical (particularly security-related) bugs fixed in a timely fashion. If I want the latest sexy upstream features I can uninstall the distro version and install the Flatpak version.

    Of course, it would be nice if the distro made it easy to select, on a per-package basis, whether to use the distro version or the upstream version. Preferably in a standard way for all packages that choose to participate.

    1. Liam Proven (Written by Reg staff) Silver badge

      Re: Surely users can understand the choice between slow-but-sure and sexy-but-edgey?

      > Surely users can understand the choice between slow-but-sure and sexy-but-edgey?

      *Laughs hollowly*

      https://www.reddit.com/r/ProgrammerHumor/comments/lb0xi7/apparently_its_an_old_one_but_i_hadnt_seen_it/

      1. corb

        Re: Surely users can understand the choice between slow-but-sure and sexy-but-edgey?

        Pretty much every day I see at least one post telling someone who is thinking about replacing Windows with Linux that they should use Debian Stable, that it's peaches and cream. But no one ever asks them "How new is your hardware?"

        Not only are newbies *not* going to get the sexy new stuff from Debian, they might not get a workable machine. E.g., I have a Raptor Lake Dell laptop and a Lunar Lake Dell laptop. On Stable, there's no sound on the Raptor Lake. The hardware isn't recognized. I can't get a bootable install on the Lunar Lake. I could do a backports dance but that's not something anyone should recommend to a new convert.

        1. Yankee Doodle Doofus Bronze badge

          > "How new is your hardware?"

          This is a good question to ask for sure, but the vast majority of people who are looking to replace Windows are not on new enough hardware that this will be an issue.

          That said, Debian Stable is great but I generally suggest Ubuntu or something based on it (most often Mint) for any who are looking to try ditching Windows. The ease of install, better hardware support, and the 5 years of OS support that many LTS versions give you, yield a better experience for those who just can't be arsed to fight with their OS.

        2. O'Reg Inalsin

          Re: Surely users can understand the choice between slow-but-sure and sexy-but-edgey?

          Thumbs up for Debian stable! From Ubuntu24 the installer no longer allows installation to existing LVM encrypted partitions. Which means to install Ubuntu24, you have to now let Canonical handle the encryption. But Debian allows it. So I switched to Debian.

          Moreover, even if Debian doesn't have all the newest, a Docker container with an Ubuntu base can do it, and leave Debian environment clean. Or Flatpak, or Snap. Ubuntu as the main distribution no longer has that advantage.

          Pretty sure I'm getting a faster bootup with Debian.

    2. kmorwath

      Re: Surely users can understand the choice between slow-but-sure and sexy-but-edgey?

      That's why Linux is not on every desktop. As long as Linux fans believe every user is someone worshiping their computers and knowing each and every distro and software release/changelog, it's going nowhere. They know a product name, and look for it in the simplest way - that's why even under Windows people downloaded software from unreliable but at the top of web searches, instead of downloading them from the official web site. At least there it was their fault, the OS didn't offer another version by default.

      Moreover, production stable release from the original developer doesn't mean to be "edgy".

  4. Anonymous Coward

    Gross. No matter how simplified tech is made, the mouth breathing plebs still fsck(8) it up.

    1. Liam Proven (Written by Reg staff) Silver badge

      > plebs still fsck(8) it up.

      As DNA put it:

      To summarize the summary of the summary: people are a problem.

  5. Steve Graham

    You didn't explicitly spell it out, but the mention of scam apps suggested to me that cross-distribution repos are a juicier target for attackers than distribution-specific ones.

    1. Liam Proven (Written by Reg staff) Silver badge

      > cross-distribution repos are a juicier target for attackers than distribution-specific ones

      Important note: don't mix up cause and effect here, but yes.

      It is a lot of work to get a package into a distro, especially Debian. The distro will keep the source, build it, package it, and ship it. I am told it can take years, and developers often complain about distros shipping old versions. Even FOSS heroes like jwz:

      https://www.jwz.org/blog/2016/04/i-would-like-debian-to-stop-shipping-xscreensaver/

      This is one of Fedora's selling points: faster turnaround, new ver every 6mth, fresher packages.

      But anyone can create an account on Snapcraft or Flathub, upload something, and if it passes the bots' checks, and maybe a human glances at the name and description and it looks OK, then it's published, much like a Facebook post.

      (The Flatpak fundies will probably scream at me for this, as they did at Matthew.)

      It's quick and it's easy and because stuff is sandboxed and isolated and all that, the evangelists think it's safe.

      As Snap's fake crypto wallets have shown, it is not safe.

      So, yes, IMHO, they _are_ more dangerous and if you are judiciously cautious and running production servers, you probably won't allow this stuff on your box.

      1. Teal Bee

        Good points, although there's a big difference in the details.

        The Snap store (and CLI) prominently displays whether a snap is official or not, whereas Flathub obfuscates this information and users have to actively look for it.

  6. O'Reg Inalsin

    Isn't the "fake" part redundant?

    Fake crypto wallets for fake currency. Ha ha. As long as they don't let it into the banking system ...

  7. Nathan 6

    This is the year of desktop Linux ...

    Hmmm, well after years of Linux vendors pushing their own software packaging systems, they now added these bloated universal packaging systems which yet again are not even consistent across distros? Yes, definitely going to be the year of Linux desktop for sure Lol.

    1. Liam Proven (Written by Reg staff) Silver badge

      Re: This is the year of desktop Linux ...

      No.

      1. As I have said before, the year of Linux on the desktop was 2017. That's the first year Chromebooks outsold Macs, in revenues not number of units. (Which means, as Chromebooks are much cheaper, a *LOT* more Chromebooks.)

      2. ChromeOS solves this problem: you can't install 3rd party apps. The end. Hasn't slowed it down.

      3. Diversity is good. Between Snap, Flatpak, Appimage, 0install, etc. there are multiple different approaches. *That is a good thing.* It means they can compete and let the best system win.

      People in prison are often scared of freedom, in ways that seem laughable to those outside.

  8. david1024

    Urm

    This has happened before and it will happen again. There are different package techs and paths for them out there. Rpm, debs, snaps, etc... All have similar issues where 'upstream' has a version, but if you want one that works... You have to pull from the actual project's ppa, rpm+sig, etc..., to get working items. Friction and lube are part of the game and have been for decades.

    Glad they worked it out--better for everyone!

  9. Teal Bee

    Misleading statement

    The article states: "the official Linux package is a Flatpak", but this is not at all what the linked download page from OBS says – it mentions Ubuntu packages in the same sentence.

    Poor reporting.

    1. FeRDNYC

      Re: Misleading statement

      The linked page opens (in infuriatingly center-justified text),

      OBS Studio is officially distributed as a Flatpak on Flathub and a PPA for Ubuntu 24.04 and newer. For other installation methods, including unofficial packages, click here.

      Flatpak Instructions

      You can install OBS Studio from Flathub here.

      If your distro is not already set up to install Flatpaks, you can follow the instructions here.

      Ubuntu Instructions (24.04+)

      It's clear that the primary distribution model is their official Flatpak build, though they maintain a PPA as well because Ubuntu users cling to their 10-year-old distribution installs. Bluntly characterizing a reasonable summary of the offerings as "poor reporting" is you being either disingenuous or unreasonable. Fortunately, it's also rude enough that I have no real desire to waste any more of my time figuring out which.

  10. FeRDNYC

    The article is only tangentially about this, but...

    I absolutely cannot understand the mindset of Linux users who glom on to "Long-Term Support" distributions like Ubuntu and RHEL/CentOS/Rocky — systems where the library support and system interfaces are frozen in time for the entire 3, 5, 10 years that the distro is supposedly supported — but then they want to run the latest, greatest software on them, and expect it to Just Work™ despite all of their system libraries being 7 years old. It's even worse when they expect brand-new code to support being BUILT on those ancient systems, using the crazy out-of-date dependency versions available.

    It's not JUST that it seems like it's defeating the entire purpose of an LTS distro, to want to install unproven, bleeding-edge software on it. The thing that really bothers me is that it ends up holding back development of projects because they feel like they have to keep supporting all of these ancient environments.

    Plenty of open-source C++ projects avoided using anything more modern than C++11 until earlier this decade, because Ubuntu 16.04 shipped with GCC 4.8 (no --std=c++14 support) and didn't reach end-of-life until May 2021. Those same projects no doubt have been avoiding using any C++20 features, for fear of tripping up all of the GCC 7 users still running CentOS 7 (despite it reaching end-of-life last July.)

    A Python project I'm involved in still won't incorporate any code that requires Python 3.9 or higher without gating it behind version checks, because while 3.9 is the earliest release that's still officially supported by the Python project itself (until October), the package download statistics still show a significant percentage of Python 3.8 users, even more Python 3.7 users, and a continuing trickle of Python 3.6 users. Even though Python 3.6 has been out of official support since December 2021, it's the version that Ubuntu 18.04 shipped with, so there are going to be people clinging to their Python 3.6 installs until that distro finally ages out of our misery in 2028 (f---ing Extended Security Maintenance!) and we can finally pry it from their cold, gnarled, ancient hands.

    My take is, if people want to run 10-year-old distributions, they need to resign themselves to running 10-year-old software on it. So that the developers of that software, who have continued development over the many years that the distro was frozen in time, can soar on the wings of a more modern codebase, without the LTS anchor dragging them back into the dirt. (Or whatever florid metaphor you prefer.)
