For a long time, I used flatpak packages for e.g. Zoom or Spotify, since Flatpak uses some kind of sandboxing for the filesystem or for networking interfaces (instead of using AUR packages).
Now I am looking into snap. Snap also has these sandbox capabilities plus automatic updates.
I could install Firefox with pacman (from the official repositories), with Snap or with Flatpak. The first has an open source instruction (the PKGBUILD) for packaging Firefox, vs the others where the developer can upload the compiled package. Also, the last two have the latest versions probably earlier than Manjaro Stable branch.
Which source (pacman, Snap or Flatpak) do you use in which circumstance and why? Which do you prefer?
This discussion should not be about which “package manager” is the best
Personally, I try to use as many pacman packages as I can, because those are packaged by Manjaro, for Manjaro.
Snap and Flatpak files are designed as a kind of universal install environment for Linux. I believe they’re sandboxed and designed
Snap are controlled by Canonical (the folks who make Ubuntu). From what I understand, they host the files. Many Linux users have issues with them controlling so much of the Snap landscape.
I belive that Flatpak were designed by Redhat. There are some differences between Flatpak and Snap, but the biggest attraction for a lot of people is that the Flatpak programs are decentralized from a single host.
Flatpak and Snap are good if you want to run programs that need a sandbox environment or you can’t otherwise install them through your repositories. I’m sure others will correct me if I missed something vital.
I found this at Linux-Bibel-Österreich
Another disadvantage of Snap is that such packages contain the necessary dependencies, so the software packages are much bigger when you install a lot of them, which wastes a lot of space - some applications use the same libraries, so they are present in the system more often than necessary. Furthermore, snap packages are usually compressed image files, they have to be decompressed to start, which slows down the start, they are loaded into memory - if you use several of these applications at the same time … Some contain a whole file system, then it will be funny, if you display the file systems in the terminal, you will have 17 or more partitions instead of three (loop).
Eu uso os repositórios oficiais e as vezes o AUR. Já usei snap e recentemente flatpak. Com snap senti mais dificuldade, já com flatpak foi bem fluido e fácil de trabalhar. Achei o snap mais parrudo e muito parecido com os repor oficiais.
This goes so much far than pros and cons of using those packaging forms. I mean, do we want that one company would’ve total control of the packages? I don’t care if it cano* or red*. I use linux because the variety and options and if they take away from me the option part, please stop the train, because I leave it.
I prefer to use internet browsers that are installed by Snap or by Flatpak (there is also the Firefox bin version available for download from Mozilla) because updates to your browser are important from a security aspect. Today’s internet security scene is largely about the interaction between your browser and the website, so you are exposed to threats regardless of what platform you run your browser on.
I prioritize traditional packages (whether prebuilt packages from repositories or with build files from AUR) over Flatpak.
Currently, I use three applications I got from Flathub:
Discord: Unfortunately, Manjaro took too much time to my taste to update the package in their repository, despite the complains. So I took Discord from an alternate, independent source of software. The problem with Discord is that as long as it isn’t updated, you just can’t launch it at all. It’s like if Firefox didn’t launch as long as you do not upgrade to the next version;
Microsoft Teams: Last time I checked on AUR, there were a lot of recent comments about it being kind of broken on Arch Linux. Perhaps Arch Linux (and I assume Manjaro will have a similar issue) is a bit too cutting-edge for Microsoft to keep up? I dunno, but I prefer to go directly for the Flatpak and so far, it works fine;
Flatseal: Last time I checked, the version suggested on AUR is totally obsolete and the maintainer does not really keep up with upstream. Therefore, I went for the Flatpak.
I do not use Snap at all.
Have you checked and adjusted the default permissions given on Zoom or Spotify? The sandbox won’t be helpful if the application is given a lot of permissions (e.g. access to all your devices, access to your home or even broader, etc.) by default anyway. The default permissions are the ones requested by the maintainer of the Flatpak.
On Discord and Microsoft Teams, I had to adjust the permissions so I can upload files from anywhere from my home instead of from a few selected subfolders. The permissions given by default were a bit too restrictive, to the point where it was a bit inconvenient and frustrating (especially when used to the traditional way).
Flatseal is really handy to adjust permissions for applications run with Flatpak, done with a simple and straightforward graphical interface.