No worries! I hope this helps you enjoy Flatpak :)
suprjami
You added the Flatpak repo as a "system" repo with:
flatpak remote-add flathub https://dl.flathub.org/repo/flathub.flatpakrepo
As such, the downloaded applications are stored by the system in /var
like you said.
If you run installs as user installs, eg:
flatpak --user install com.example.appname
Then the application is stored in your home directory, not in /var
.
You can also add the Flatpak repo as a "user" repo, eg:
flatpak --user remote-add flathub https://dl.flathub.org/repo/flathub.flatpakrepo
Now all installs will behave as if you passed --user
to the install command. All installs will go to your home directory, none will go to /var
The installer lets you do a custom partition layout.
It's fine. I give my systems a 20G or 30G root file system.
If you use Flatpak then make sure you do user installs. If you add the remote as a user remote then all installs are user installs.
If you use VMs then create a storage pool for the disks in your home filesystem. I create a /home/libvirt/
for this.
Basically just be mindful not to fill your root filesystem.
I love XFCE but I use MATE's Caja file manager on mine.
Yes. All Flatpak apps can be used on any distro.
I'm using the Fedora Flatpak Firefox on Debian, because Fedora's Flatpak runtime supports Kerberos authentication, the Flathub runtime doesn't.
No. Neither Intel or AMD provide microcode which meets Debian's definition of "free" so CPU microcode is non-free:
https://wiki.debian.org/Microcode
You might consider that your CPU is already running non-free microcode provided by your non-free motherboard BIOS.
If you have one of these CPUs, it's literally impossible for you not to run some non-free components.
All you're doing is exposing yourself to vulnerabilities in old microcode.
Every Flatpak vendor
So who's that? Flathub and Fedora, the latter of who automate the Flatpak builds from distro packages anyway.
If you're using a smaller distro which is not backed by a huge security team then this is probably an advantage of using Flatpak, not a negative.
aiui apt will compare downloads from repositories against the repository signing key, whereas downloading a deb and installing it manually with dpkg bypasses that.
So theoretically the Debian website could get compromised and provide you a malicious deb package. That has happened to other Linux distros before so it's not entirely unrealistic.
Practically I think that's very unlikely.
I know apt has the --download
option if you'd like to fetch deb packages on the commandline, though I'm not sure if apt compares the package with the key during this process. I hope it does. You could probably run apt in verbose mode and hopefully see this happen.
Some references:
It is pretty nice but ultimately it's just Debian with a slightly different package set and a theme. You can boot the regular live image and set the theme to Adwaita-dark and there's not really much difference.
The live installer sucks.
It is called Calamares, it is not well maintained upstream, and it doesn't support even trivial complexity like LVM or Encryption.
Use the regular install DVD or Netinst. You get to choose your desktop environment in the process.
What have you found bad about bash arrays? I have some simple usage of those (in bash) and they work fine.