On Fri, Jul 12, 2019 at 09:33:44AM +0300, Georgios wrote:
> Hi there!
>
> Based on security and stability I was wondering what is more preferable?
>
> Installing apps through flatpak or through Debian repositories?

I trust Debian at packaging software, correcting obvious software defects in the process, and supporting the unchanged behaviour of the software during the lifecycle of the stable release while providing the bugfixes. For the typical software developer (especially those who write "apps", not "programs"), maintaining a stable version of their software is a burden, and "security" is an unfamiliar concept.

> Repositories:
>
> -I was thinking that in repositories you have old software that gets
> bug fixes. But what about old software that isn't supported?

By the upstream, you mean? If it's a security problem it will get fixed or the package is excluded from the archive.

> Are fixes backported etc?

Of course, if it's feasible. If it's not - the software version gets bumped (browsers, samba, wireshark to name a few examples).

> How fast?

Faster if the maintainer gets help. From the users of the software, for instance.

> -Doesn't offer easy sandboxing like flatpak

Which is only needed for untrusted software in the first place. Crucial for the task flatpak was designed for (delivering desktop "apps" taken from random places on the Internet), but it is something one can easily avoid by using trusted software in the first place (i.e. the Debian main archive).

> -AppArmor can restrict applications

Yup. And it's a useful compromise between security and usability. The main problem of AppArmor is that it uses a targeted approach (every policy is linked to an executable) instead of the more correct labeled approach like the MLS SELinux policy does.

> Flatpak:
>
> -sandboxing

See above.

> -Probably bug fixes are faster if the developer supports flatpak distribution

Along with behaviour changes, possible incompatibility with previous versions, and of course - fresh new bugs.

> -No AppArmor.

True. But if it bothers you, consider using SELinux, which does offer something in this regard. The problem is - you chose the wrong distribution if you need SELinux (it's bare-bones basic in Debian).

> -are the latest applications stable enough?

LOL. Why do you think they invented version stabilization in the first place? If you like to live on the bleeding edge you have to bleed sooner or later.

Reco