Flatpak flathub: how to only show free and open source apps
- Inicie sesión ou rexístrese para enviar comentarios
once you add the flathub repo, also run this command.
flatpak remote-modify --subset=floss flathub
that will make it so only free libre software can be installed.
> libre software
FSDG compliant distros like Trisquel are committed to distribute libre software only. It would be a good idea to know who is in charge of checking licencing status at a given flatpak repo, and whether those in charge are actually committed to anything. In the case of flathub, how is the "floss" subset defined?
What about verification? There seems to be a verified_floss subset, although the above questions about commitment remain. Always use caution when installing from a third-party repo.
https://docs.flathub.org/docs/for-users/installation#subsets
In the case of flathub, how is the "floss" subset defined?
The used definition considers "floss" some free software that only aims to launch proprietary software. As a consequence, care is required. Anyway, it is much better than having no way to filter out applications that are clearly proprietary, as it is the case in the Snap Store, unless it has recently changed.
Ideally there would be a server where the GNU Free System Distribution Guidelines would apply. That could be done, but requires work. For instance, Fedora administers its own Flatpak repository. With regard to that ability, Snap is again much worse: the backend is proprietary.
What about verification?
As the page behind the link explains:
A verified app on Flathub is one whose developer has confirmed their ownership of the app ID using a uniquely generated token. This usually also may mean that either the app is maintained directly by the developer or a party authorised or approved by them.
Verification deals more with security than with with software freedom.
To be fair, there's software in FSF approved distros that fits that description too. So although it'd be better if that weren't the case I can't really chastise Flathub specifically for doing that
To be fair, there's software in FSF approved distros that fits that description too.
Software in FSF-approved distros that *only* aims to launch proprietary software? I do not know any. Could you please give an example?
Parabola Linux packages Prism launcher, which is a program designed to launch Minecraft. Whether or not this package is packaged knowingly I'm not sure
https://www.parabola.nu/packages/extra/x86_64/prismlauncher/
A nice way to help would probably be to report this to Parabola GNU/Linux-libre. One cannot report a similar situation to flathub, though, because it is not a stated goal of the repo.
Anyway, like the OP, we still do not know for sure how that "FLOSS" subset is defined. Do you happen to have any reference about that?
Also, is there a way to check that the flatpackage was actually built from its alleged source? This is possibly related to the "verified" subset, although there is no clear indication in the documentation whether "verified" implies "built from source".
A nice way to help would probably be to report this to Parabola GNU/Linux-libre.
+1.
Also, is there a way to check that the flatpackage was actually built from its alleged source? This is possibly related to the "verified" subset, although there is no clear indication in the documentation whether "verified" implies "built from source".
The verification only ensures that whoever uploads the Flatpak is somebody having control over the website of the application or a owner/maintainer/developer of the Git repository, if it is all there is. https://docs.flathub.org/docs/for-app-authors/verification describes the process. There are proprietary verified applications on Flathub.
> There are proprietary verified applications on Flathub.
Yes, this is probably why the verified_floss subset exists.
A previous section of the documentation describes the following requirements, but maybe they are more what you would call guidelines than strictly enforced rules:
https://docs.flathub.org/docs/for-app-authors/requirements#no-network-access-during-build
https://docs.flathub.org/docs/for-app-authors/requirements#building-from-source
I've reported this to Parabola, thanks for the suggestion
true, good points made.
i think the way it detects it is that flathub has search filters built into it, and every package says what licence it uses, so it probably just filters it down to the GPL ones and maybe MIT, still im not sure.
my main idea was that it would be a lot better to have this on than not at all, that is if you decide to use flatpak at all, which i find is useful for some apps where its better to have a later version of it like Anki for example.
and that is true, for example there is free and open source launchers for minecraft published under GPL, while the game itself is proprietary.
the idea of a GNU flatpak repo is intriguing a bit though,
but regardless i always like to check out the program's github before installing, see what options i have or if it can be compiled, if its worth using, etc.
P.S: i have never even really had the chance to try snaps since they are proprietary lol