[stametseater]

Indeed. The idea of flatpack is to change desktop linux culture by normalizing the installation of 3rd party software, particularly proprietary software that people otherwise wouldn't trust without some form of sandboxing.

Who does this benefit? I can think of two groups of people. 1. Commercial software vendors who want more Linux users to install their proprietary software. 2. 'Transplants', new Linux users who are already accustomed to the Windows/MacOS style of wantonly installing proprietary third party software they downloaded off random corners of the net, and don't want or know to change their habits.

The value proposition for experienced linux users who don't do that sort of thing in the first place is next to nil. The only applications that might benefit from such sandboxing are applications like browsers, which have large attack surfaces and might be compromised while browsing the net. But even this is mostly theoretical, not a realistic day-to-day concern for typical linux desktop users.

[MayeulC]

> The value proposition for experienced linux users who don't do that sort of thing in the first place is next to nil. The only applications that might benefit from such sandboxing are applications like browsers, which have large attack surfaces and might be compromised while browsing the net. But even this is mostly theoretical, not a realistic day-to-day concern for typical linux desktop users.

You are jumping to conclusions here. RCEs are probably more common than you think, and I'd prefer anything that interacts with the Internet to be sandboxed.

Flatpak allows me to easily sandbox Steam games. It provides an easy target to tell user to test against to eliminate distro-specific issues. It allows to run glibc-only software on distributions such as Alpine. It allows me to have multiple versions of a program installed concurrently. It prevents programs from cluttering my home directory, and sandboxing gives me extra peace of mind. As a non-root user, I can also install flatpaks. Ostree also usually makes updates more efficient.

If you use a couple flatpak apps, they are available regardless of your distribution. That helps when working on multiple different distributions.

Use an old-ish debian but need a feature from the latest unstable software ABC? Install ABC as a flatpak, and do not compromise the stability of the base system by enabling all sorts of external, unstable sources.

[Jasper_]

for 6 years you could get root on Debian with the "beep" command

[stametseater]

In those 6 years, how many programs packaged and distributed by Debian were exploiting that?

If you can run the "beep" command, you can also edit the user's environment and from their easily escalate to root anyway. In modern desktop linux, the user is almost always the admin as well, a single person using their personal computer, so getting root is merely a matter of waiting until the next time that user uses sudo/etc. Windows tries to mitigate this sort of attack using secure UAC prompts that are apparently difficult for attackers to emulate, or so I've been lead to believe. But common desktop Linux distros don't require anything like that. Instead, the user has to be cognizant of such possibilities and not run programs from people and organizations they don't trust.