I recently moved my work machine from Windows to Linux and chose Debian Trixie + KDE Plasma for the stability. The advice is that if stability is your priority, you should try to avoid breaking Debian. I understand that adding third-party sources can cause dependencies conflicts, and must be avoided at all costs. I also understand that Flatpaks, AppImages, Snaps, and Docker/Podman images are safe because they don’t interfere with the system dependencies. So far, so good. What I don’t understand is what happens with other ways of installing software (eg .deb, tarballs).
I know it’s a contentious subject but if stability is the priority, how would you rank different methods? I may be wrong but my take is:
Debian repository > Flatpak > Appimage > Docker/Podman > Snap > tarball
To be avoided: .deb for Debian > .deb for Ubuntu > PPAs
Eg Viber is available as an official AppImage (with certain bugs), unofficial flatpak (with other bugs), and an official .deb for Ubuntu (which is probably a bad idea for Debian anyway). Viber support told me they don’t support my OS.
I daily drive Debian and have a few loose .deb packages and tarballs installed. Also enabled the Librewolf repo. It mostly comes down to an issue of manageability and possible conflicting dependencies. The ones I have installed don’t introduce any dependencies, so they’ve been trouble-free and have survived the Bookworm to Trixie upgrade. They are installed as a last resort option in the absence of a satisfactory equivalent via the official repo, Flatpak, or AppImage.
Loose .deb packages can be installed and uninstalled like any other normal Debian package, but won’t be automatically updated and don’t have any compatibility guarantee. Tarballs are nothing more than a collection of files, which may need to be placed in system directories. You’re on your own for those since there’s no standard and automated way to manage them and it’s possible to overwrite important system files if unpacked and copied in blindly. It’s a good idea to keep a manual record of what was put where in case any issues with them pop up down the road.
My personal ranking:
Official Debian repo > Flatpak > AppImage > Docker/Podman > Snap >> Reputable and known compatible third-party repo > Loose Debian .deb > tarball > Loose Ubuntu .deb >> Unfamiliar third-party repos and PPAs
There are certain occasions where a loose .deb or tarball won’t hurt, but sticking to options further up the list closes off the biggest routes of breaking Debian.
This ranking is very close to how I see this. Anything after Docker/Podman is out unless I absolutely need an application in which case keeping a record of dependencies is a good idea. But I want to know the work system will absolutely start in the morning hours from a deadline. Avoiding single points of failure is another way of course (ie multiple systems, OSes, backups, password managers etc).
If the goal is stability, I would have likely started with an immutable OS. This creates certain assurances for the base OS to be in a known good state.
With that base, I’d tend towards:
Flatpak > Container > AppImageMy reasoning for this being:
- Installing software should not effect the base OS (nor can it with an immutable OS). Changes to the base OS and system libraries are a major source of instability and dependency hell. So, everything should be self contained.
- Installing one software package should not effect another software package. This is basically pushing software towards being immutable as well. The install of Software Package 1, should have no way to bork Software Package 2. Hence the need for isolating those packages as flatpaks, AppImages or containers.
- Software should be updated (even on Linux, install your fucking updates). This is why I have Flatpak at the top of the list, it has a built in mechanism for updating. Container images can be made to update reasonably automatically, but have risks. By using something like docker-compose and having services tied to the “:latest” tag, images would auto-update. However, its possible to have stacks where a breaking change is made in one service before another service is able to deal with it. So, I tend to tag things to specific versions and update those manually. Finally, while I really like AppImages, updating them is 100% manual.
This leaves the question of apt packages or doing installs via make. And the answer is: don’t do that. If there is not a flatpak, appimage, or pre-made container, make your own container. Docker files are really simple. Sure, they can get super complex and do some amazing stuff. You don’t need that for a single software package. Make simple, reasonable choices and keep all the craziness of that software package walled off from everything else.
Im pretty appimage is stable to use on your system. It contains all of the dependencies inside of it. Just one file for all of its needs. Only issue that ive had is that you need to manually update them (ie download the newest version).