• @xylogx@lemmy.world
    English
    104
    1 month ago

    I feel like OP missed an opportunity to title this post “Fedora Flatpaks Fall Flat”

    Great article, BTW

    • Arthur BesseM
      25
      1 month ago

      Great article, BTW

      I disagree, the headline is clickbaity and implies that there is some ongoing conflict. The fact that the Fedora flatpak package maintainer pushed an update marking it EOL, with “The Fedora Flatpak build of obs-studio may have limited functionality compared to other sources. Please do not report bugs to the OBS Studio project about this build.” in the end-of-life metadata field the day before this article was written is not mentioned until the second-to-last sentence of it. (And the OBS maintainer has since said “For the moment, the EOL notice is sufficient enough to distance ourselves from the package that a full rebrand is not necessary at this time, as we would rather you focus efforts on the long-term goal and understand what that is.”)

      The article also doesn’t answer lots of questions such as:

      • Why is the official OBS flatpak using an EOL’d runtime?
      • Why did Fedora bother to maintain both their own flatpak and an RPM package of OBS?
      • What (and why) are the problems (or missing functionality) in the Fedora Flatpak, anyway? (there is some discussion of that here… but it’s still not clear to me)
      • What is the expected user experience going to be for users who have the Fedora flatpak installed, now that it is marked EOL? Will it be obvious to them that they can/should use the flathub version, or will the EOL’d package in the Fedora flatpak repo continue to “outweigh” it?

      Note again that OBS’s official flathub flatpak is also marked EOL currently, due to depending on an EOL runtime. Also, from the discussion here it is clear that simply removing the package (as the OBS dev actually requested) instead of marking it EOL (as they did) would leave current users continuing to use it and unwittingly missing all future updates. (I think that may also be the outcome of marking it EOL too? It seems like flatpak maybe needs to get some way to signal to users that they should uninstall an EOL package at update time, and/or inform them of a different package which replaces one they have installed.)

      TLDR: this is all a mess, but, contrary to what the article might lead people to believe, the OBS devs and Fedora devs appear to be working together in good faith to do the best thing for their users. The legal threat (which was just in an issue comment, not sent formally by lawyers) was only made because Fedora was initially non-responsive, but they became responsive prior to this article being written.

  • @non_burglar@lemmy.world
    65
    1 month ago

    The issue is that they are pushing their own version of flatpaks, some of which are broken, instead of contributing to Flathub and making that the default.

    • Leaflet
      English
      46
      1 month ago

      That wouldn’t work. Flathub and Fedora Flatpaks have different goals.

      Fedora Flatpaks must meet legal requirements set by Fedora, so no proprietary or patented software.

      Flathub also encourages upstream to maintain their packages. But upstream may not meet the security requirements set by Fedora. Fedora has much stricter packaging guidelines which don’t permit vendored dependencies.

      • @GrundlButter@lemmy.dbzer0.com
        24
        1 month ago

        That honestly doesn’t sound like a bad mission, but it seems like there’s a couple other requirements they should impose on their mission and then there wouldn’t be any controversy.

        They should require that their package works as well as the upstream, and, in the event that it doesn’t, they need to be very blatant and open that this is a downstream package, and support for it will only be provided by Fedora Flatpaks, and that you may have better results with the official packages.

        The primary issues in this case are that it doesn’t work, and it’s not been clear to users who to ask for help.

    • I’m sorry, but you’ve completely missed either the point, or how it works.

      Flathub is really the problem here for not properly verifying package owners/maintainers and allowing them to moderate other versions of their work.

      There honestly just needs to finally be a way to sort official packages from community packages. Right now it’s a mess. Fedora should just take theirs down.

  • @Kazumara@discuss.tchncs.de
    28
    1 month ago

    Ah I’m glad to see the situation seems to have cooled a little.

    See this comment and the three following, as well as this one and the two following. I think they can now work it out between the projects reasonably.

    PS: This more fundamental proposal for Fedora Workstation that started from the OBS packaging issue is also interesting to read. It seems they are looking to make more limited / focused use of their own Flatpak remote in the future since some old assumptions regarding Flatpaks and Flathub don’t hold so well anymore.

  • trevor
    English
    12
    1 month ago

    Obviously, the best solution is that this gets settled out-of-court. However, Fedora has had a long time to listen to the OBS devs’ request to stop packaging broken software, so maybe they won’t listen to reason.

    Fedora needs to get their heads out of their asses and kill the Fedora Flatpak repo.

  • Peripatos
    6
    1 month ago

    Totally forgot that I still was in fedora’s flatpak repo until the news dropped. Took the opportunity to remove and replace it with flathub.

  • @tabular@lemmy.world
    English
    5
    1 month ago

    Is there any merit to the claim OBS is using an end-of-life (EOL) runtime and that this is a very bad thing for security?

    • Leaflet
      English
      29
      1 month ago

      OBS continued using the EOL runtime because of Qt regressions introduced in the updated KDE runtime. The OBS team decided the security risk of sticking to the EOL runtime was small, so they didn’t update.

      But that still does mean that users were no longer receiving security updates. Ideally, OBS should have moved to the standard Freedesktop runtime and vendored in the older Qt dependency. That way, they would still be receiving security updates for everything in the Freedesktop runtime. Then once the regressions were fixed, they could move to the updated KDE runtime and remove the vendored Qt dependency.

      Overall, the risk OBS had was small. But it demonstrates a larger issue with Flathub, which is that they don’t take security as seriously as Fedora. There are hundreds of flatpaks in Flathub that haven’t been updated in years, using EOL runtimes and vendored dependencies that get no updates.

      • @commander@lemmings.world
        English
        2
        1 month ago

        It’s important to acknowledge that nothing is completely secure.

        I didn’t know this was an issue for OBS because I’m not experiencing any problems nor am I seeing anyone else.

      • @commander@lemmings.world
        English
        1
        1 month ago

        Fedora’s opinion seems to be that upgrading is always the right choice, which we disagree with.

        Ugh, I’m glad people are willing to fight back against these kinds of assertions.

        Regardless of who is right, facilitating and encouraging this kind of discourse is how we end up with better software for everyone.

    • @MonkderVierte@lemmy.ml
      5
      1 month ago

      It’s not that hard to actually follow XDG specifications instead of hardcoding paths.

      Which flatpak itself doesn’t, btw. $HOME/.var for flatpaks is hardcoded, no answer in the issue tracker so far, to the proposal of using the usual flatpak_xyz_dir variable to change the path.

  • @gi1242@lemmy.world
    -12
    1 month ago

    lol. so I guess fedora is pushing flatpaks now? I know Ubuntu was pushing snap, so I guess fedora followed suit with a different standard. yay.

    thankfully arch isn’t getting into this nonsense

    • Coolcoder360
      30
      1 month ago

      Worse than that, the issue the article states isn’t that it’s a flatpak, it’s that fedora is pushing their rebuilt flatpak of obs that’s buggy instead of the official obs one from flathub that works, and then the obs project is getting bug reports for a third party distribution that’s broken.

      Because fedora isn’t just pushing flatpaks, they’re pushing made by fedora versions of them instead of the official builds from the maintainers.

      • @commander@lemmings.world
        English
        1
        1 month ago

        Great explanation.

        If I were the OBS devs, I’d make a clear indication on their website when reporting bugs that the fedora version of OBS is unsupported for, well, the reasons they don’t support it.

        It seems way more effective than threatening legal repercussions.

    • @BananaTrifleViolin@lemmy.world
      English
      11
      1 month ago

      It doesn’t mean they are pushing flatpaks, but rather for whatever reason they decided to package their own flatpaks.

      Flatpak can support different repos, so of course fedora can host its own. The strange bit is why bother repackaging and hosting software that is already packaged by the project itself on flathub?

      One argument might be the security risk of poorly packaged flatpaks relying on eol of dependencies. Fedora may feel it is better to have a version that it packages in line with what it packages in its own repos?

      I have some sympathy for that position. But it makes sense that it is annoying OBS when it is causing confusion if it’s a broken or poorly built repackage, and worse it sounds like things got very petty fast. I think OBS’s request that fedora flag this up as being different from the flathub version wasn’t unreasonable - but not sure what went down for it to get to the point of threatening legal action under misuse of the branding.

      Fedora probably should make it clearer to its users what the Fedora Flatpak repo is for.

      • Leaflet
        English
        5
        1 month ago

        Fedora already has two “warnings” when it comes to their own packages.

        First, Gnome Software shows a verified badge for all Flatpaks that are maintained by upstream. The Fedora Flatpak does not have this badge.

        Second, when installing a Fedora Flatpak, the label “Fedora Flatpak” shows right under the install button.

        Sure, this isn’t perfect. Non-technical users may not understand what these mean. But it’s not like Fedora is intentionally trying to mislead users.

      • Leaflet
        English
        11
        1 month ago

        It’s not distro specific. Fedora Flatpaks are just built from Fedora RPMs, but they work on all distros.

        If you care about FOSS spirit, security, and a higher packaging standard, then Fedora Flatpaks may be of interest.

        If you want a package that just works, then Flathub may be of interest. But those packages may be using EOL runtimes and may include vendored dependencies that have security issues.

          • Leaflet
            English
            7
            1 month ago

            And that’s a perfectly fine position to have. I get most of my apps from Flathub.

            I also think that Fedora Flatpaks should be allowed to exist. And most of them work without issues. They just don’t get as much testing as Flathub since the user base is smaller.

    • Leaflet
      English
      6
      1 month ago

      Fedora has always been one of the flatpak friendly distros.

      No, it’s not like snap. Fedora is not removing RPMs and replacing them with flatpaks. It just defaults to flatpaks. Fedora Flatpaks are built entirely from existing RPMs.

    • originalucifer
      1
      1 month ago

      Ubuntu was pushing snap,

      interesting… ive not seen anything regarding snaps in mint… flatpak is the other option in the software manager