• kiwi@kale.social
    link
    fedilink
    arrow-up
    13
    ·
    1 year ago

    One of the downsides seems like since the developer packages everything together, I’m reliant on them to push out changes. For example if some dependency needs a critical security update then I’m relying on every flatpak author to apply that change and push out a new version. But if I’m installing packages directly, I can update that one package and be done with it across my system.

    • Phrodo_00@kbin.social
      link
      fedilink
      arrow-up
      7
      ·
      1 year ago

      Not all dependencies are packaged by the dev. Flatpacks run on top of runtimes which are basically bundles of libraries (most of the important common ones) that are updated independently. A dev only needs to include libraries not in the runtimes.

      • dylaner@lemmy.ca
        link
        fedilink
        arrow-up
        8
        ·
        edit-2
        1 year ago

        That’s why runtimes are the way they are: for most simple desktop applications, they shouldn’t really need much on top of what is already included in the GNOME, KDE, or Freedesktop runtime they depend on. (If you’re curious, flatpak run org.gnome.Platform and poke around). Those runtimes get regular updates within each branch for important bug fixes. Alas, many applications add at least one or two external libraries they need to build / distribute themselves, and some applications add a lot of them. But it isn’t like every application bundles its own libssl or something.

    • TheTrueLinuxDev@beehaw.org
      link
      fedilink
      arrow-up
      1
      arrow-down
      1
      ·
      1 year ago

      In theory, the CI/CD would generate the package automatically when the git repo get tagged for release if they do configure for it, so it should be able to release it rather quickly. For instance, I get endless amount of update from Kate editor on Flatpak, because it constantly get tagged for minor releases.