Snap & Flatpak Proprietary Software Should Be Isolated in Debian.

#1 Post by kedaha »

I don't really object in principle to either snap or flatpak. Both are available in the main repository and provide users with a means to avail themselves of stuff that's unavailable from that source. However, I do object to there being no division by software license between free and non-free and to finding a whole bunch of non-free software, which I wouldn't touch with a barge pole, appearing in, for example, apps.kde.org/discover/ via the Discover Snap Backend.
What I propose would be to isolate the proprietary software, like zoom & teams, by putting it all in a separate non-free repository within snap while all the free, DFSG-compliant software, like jitsi and Audacity, would be there by default. In other words, apply a similar repository scheme to that used for Debian itself. I think this could only be done upstream. Similar considerations apply to Flatpak.
As things stand, a quick and easy way is provided to install stuff which can enter and compromise the system like the Trojan Horse of legend. So I think that, as they are now, snap and flatpak might be best left to Ubuntu and similar distros.
Finally, in the words of the poet, "Timeo Danaos et dona ferentes."
"Beware of those bearing gifts," specially when they come encumbered with proprietary licenses and hidden intent.
Your thoughts?
Thank you for reading.
Last edited by kedaha on 2022-02-15 17:16, edited 1 time in total.
DebianStable

$ vrms

No non-free or contrib packages installed on debian!  rms would be proud.


#2 Post by canci »

Yes, please! I'd also like the same to be true for proprietary crap from pip or npm. And not just proprietary, but also stuff that phones home to Big Tech and forces you to take it or to opt out.

> I think this could only be done upstream.

I don't agree. Various distros have custom selected apps in either GNOME Software or KDE Discover.
Stable / Asus VivoBook X421DA / AMD Ryzen 7 3700U / Radeon Vega Mobile Gfx (Picasso) / 8 GB RAM / 512GB NVMe


#3 Post by sunrat »

> kedaha wrote: 2022-02-15 06:21
> I don't really object in principle to either snap or flatpak.

I can see the appeal, but there have already been security issues and the huge runtime dependencies are a major downside. I consider them just "Windowsification" of Linux. I have found no need for any snaps or flatpaks, although I do have one appimage which are a totally different kettle of fish.

> So I think that, as they are now, snap and flatpak might be best left to Ubuntu and similar distros.

Agreed. We have already seen a number of issues posted on this forum.

> Finally, in the words of the poet, "Timeo Danaos et dona ferentes."
> "Beware of those bearing gifts," specially when they come encumbered with proprietary licenses and hidden intent.
> Your thoughts?

That's another of the downsides. Should be easy to avoid non-free content in containerised packages but I predict that rabbit hole will just get deeper over time.

“ computer users can be divided into 2 categories:
Those who have lost data
...and those who have not lost data YET ”
Remember to BACKUP!


#4 Post by steve_v »

> kedaha wrote: 2022-02-15 06:21
> Your thoughts?

Thought #1: Snap, flatpak, appimage are all solutions looking for a problem, or solutions to a problem that only exists if people are a) trying to install SNS (or software so buggy it needs patches every week) on a stable distribution or b) trying to install proprietary garbage on a distro that enforces packaging and/or licencing standards.

Thought #2: Having said proprietary garbage available in "app stores" which are enabled by default makes a mockery of the DFSG and directly undermines Debian's reputation for stable, high quality packaging.

IMO snap and co. packages should come with a clear warning that they are not maintained by or for Debian, and proprietary offerings should have their own section, preferably one requiring deliberate user action to enable.
We already require users to enable the non-free repo to install non-free software with apt, the same should be true of any other package distribution channel that is available in a default install.

> sunrat wrote: 2022-02-15 10:55
> proprietary licenses and hidden intent...
> I predict that rabbit hole will just get deeper over time.

I'm not usually one for conspiracy theories or claims of malice where ordinary incompetence would suffice, but I reckon this one moved from "theory" to "serviceable description of reality" some time ago. The rabbit hole is getting deeper because it is being actively excavated, and the hands on the shovel are those of proprietary interests.
Once is happenstance. Twice is coincidence. Three times is enemy action. Four times is Official GNOME Policy.


#5 Post by jmgibson1981 »

> proprietary garbage

Eye of the beholder. I'd venture most users of Open source, Linux in general aren't exactly fanatical about the open/closed nature. Some of us need stuff that open simply cannot provide. I believe in free software but in no way do I feel that proprietary is bad in any way. I use Debian because it is where I started, not because of their commitment to open source specifically.

Personally I think the thing about proprietary software is a bit of a tin foil hat situation. I don't trust companies, but I sure as hell don't trust most people either, regardless of whatever project they associate themselves with.

If an individual cares that much about it they would know enough to research it and find out, they wouldn't need it to be spoon fed to them. But then in this world they have to put a warning label on curling irons that they get hot. Lowest common denominator I guess?


#6 Post by steve_v »

> jmgibson1981 wrote: 2022-03-21 01:13
> I'd venture most users of Open source, Linux in general aren't exactly fanatical about the open/closed nature. Some of us need stuff that open simply cannot provide.

Sure, and people who need it are and always have been free to enable the non-free repos if they wish.

> jmgibson1981 wrote: 2022-03-21 01:13
> Personally I think the thing about proprietary software is a bit of a tin foil hat situation. I don't trust companies, but I sure as hell don't trust most people either, regardless of whatever project they associate themselves with.

There's an old adage: Trust, but verify.
The problem with proprietary software is that in most cases you cannot verify, either because the source is unavailable or because reverse-engineering is prohibited by the licence, often both.

If people want to take that road, that's their choice. But it should be clearly signposted just like it is in the main repos, not offered in a one-click no-warning easy-mode software store.
Debian is built on free software, and free software should be the first option offered for additional components. Not the only option perhaps, but it's definitely a sane default.

As for proprietary offerings being garbage, I'm sure that's not always the case... But just run a couple of microsoft .debs through lintian or check the bug reports against nvidia's proprietary drivers and you'll see what I mean.

> jmgibson1981 wrote: 2022-03-21 01:13
> If an individual cares that much about it they would know enough to research it and find out, they wouldn't need it to be spoon fed to them.

Conversely, if an individual doesn't know there's a difference, how are they going to find out if everything is mushed together in the snap store? At least label the stuff as what it is, FFS.

#7 Post by canci »

I don't object to proprietary software being present in some form. If I'm really honest, maybe I'm free of proprietary user-facing programmes, but I still use hardware that has proprietary firmware or drivers.

But I'd be totally happy if gateways to proprietary stuff or components that phone home like snap/flatpak/Chromium/npm/maybe even pip if that's applicable, reside in contrib or non-free. That way people could install a truly free system if they desire. I haven't given up on the idea of one day using truly free hardware that can just live off free software, so I'd probably be disappointed if I suddenly had a ton of available software that can just install proprietary stuff by accident.

#8 Post by kedaha »

Install proprietary software on Debian? Before you trust it always remember the fable about the trusting frog and the scorpion crossing the river:
[Image from wikipedia.org/wiki/The_Scorpion_and_the_Frog]

#9 Post by LE_746F6D617A7A69 »

> jmgibson1981 wrote: 2022-03-21 01:13
> Linux in general aren't exactly fanatical about the open/closed nature. Some of us need stuff that open simply cannot provide.

The Linux project is indeed not "fanatical" about closed source software, but You are wrong regarding the open source -> Open Source means that the source code is open - nothing more.
Did You mean Free Software? - this is a different kind of animal.

The only reason for which some of Linux users *have to* use non-free software is because the hardware manufacturers are refusing to deliver product specification - which is illegal in the theory, but tolerated in practice.
Bill Gates: "(...) In my case, I went to the garbage cans at the Computer Science Center and I fished out listings of their operating system."
The_full_story and Nothing_have_changed


#10 Post by canci »

> LE_746F6D617A7A69 wrote: 2022-03-21 22:20
> illegal in the theory

Where is it illegal? Never heard of that.

#11 Post by LE_746F6D617A7A69 »

> canci wrote: 2022-03-22 07:22
> > LE_746F6D617A7A69 wrote: 2022-03-21 22:20
> > illegal in the theory
>
> Where is it illegal? Never heard of that.

Documentation is part of the product - in the sense, that You can't fully utilize the product without having the documentation.
Without documentation, the product is *incomplete*.

Instead of providing documentation, companies like NVidia are threatening the customers in the EULA, by saying that the user has to accept the product "as is" (incomplete) or he will have to stop using it.

Of course, most of End Users prefer convenience over preserving their rights - that's why this works.
Last edited by LE_746F6D617A7A69 on 2022-03-22 11:49, edited 1 time in total.

#12 Post by canci »

I don't think that's true. Every package has its documentation and license agreement in the package, typically under /usr/share/doc/ .

And I still don't see how there's anything illegal about that.

#13 Post by LE_746F6D617A7A69 »

> canci wrote: 2022-03-22 11:48
> I don't think that's true. Every package has its documentation and license agreement in the package, typically under /usr/share/doc/ .

What package? :roll:

In practice, the only proprietary software used in linux OS are device drivers and firmware.
There would be no need for this, if the HW manufacturers would provide documentation for their products.

#14 Post by canci »

Proprietary software in non-free is packaged as a deb file and they all come with documentation.

Is that eye-rolling something you should get checked out or are you 12 years old?

#15 Post by LE_746F6D617A7A69 »

^ OK, it looks like we have a total misunderstanding here -> let's try again:
> jmgibson1981 wrote: 2022-03-21 01:13
> Linux in general aren't exactly fanatical about the open/closed nature. Some of us need stuff that open simply cannot provide.

Free/Open source Software can provide every single functionality that is currently available in proprietary software, and much more.
The problem is that many HW vendors are selling incomplete products -> they are refusing to provide the documentation, so it's impossible to write the open source drivers.
Instead, You have the EULA, which basically tells You, the customer, that You have no rights.

Without documentation, no client can fully utilize the device - because many functionalities are hidden behind the binary blobs.
The fact that there are only proprietary drivers available for some device is not a benefit - it is a flaw.

Is this illegal?
F.e. in every EULA there's a statement, that product properties/functionalities can be changed without asking You (the owner?) for permission, and that You can't use the device without accepting the EULA - and that's not a joke.
I would say that almost every EULA contains abusive statements/terms of use, which are *apparently* illegal - but nobody is reading the EULAs, and the Earth continues to spin.

#16 Post by canci »

EULAs are perfectly legal in many countries around the world. Many court cases have confirmed that. People read EULAs, or not, and then they agree to them.

You could argue that a lot of it is opt-out instead of opt-in and maybe if someone had the time and money, you could sue companies for doing that.

#17 Post by sgage »

To me the problem isn't one of making non-free software available. The problem is one of transparency - I want to know if a program is proprietary/closed or phoning home and so forth, up front, before I install it. If that is all right there in the program info in whatever 'app store' one is using, fine. Choice is great, and if people want to use stuff that I would never use myself, that's their business. But it has to be informed choice, in advance.


#18 Post by Trihexagonal »

What's wrong with apt? That's all I've ever used.

It's where all the 3rd party software on my Debian-based boxen comes from and I'm not missing out on anything.

Except why I should use snap or flatpak instead of apt.
When Darkness takes everything embrace what Darkness brings.


#19 Post by jmgibson1981 »

> But it has to be informed choice, in advance.

The only way one can make an informed choice is to read the code themselves. If you can't read it then you can't make an informed choice. It's a matter of who you trust. Calculated risk either way. Neither is particularly better than the other. Everyone has a price.


#20 Post by canci »

> jmgibson1981 wrote: 2022-04-09 00:11
> The only way one can make an informed choice is to read the code themselves. If you can't read it then you can't make an informed choice. It's a matter of who you trust. Calculated risk either way. Neither is particularly better than the other. Everyone has a price.

Exactly, and auditing that much code is obviously not feasible for anyone.

But on another note, wouldn't it be more feasible to turn this circle jerk here into an effective proposal for Debian? For instance, we could petition Debian devs to put Snap and Flatpak into contrib, so we could at least have the implicit warning for everyone who wants to stay away from stores that don't separate licences cleanly. Also, I think that Gnome Software and KDE Discover should give ample warning about Snap and Flatpak to users with a pop-up, as they are very likely to be the main avenues to software for beginners. Ideally, installing and running Snap/Flatpak for the first time should give you a warning in the terminal that you might be installing non-free software.