Linux Newbie

[Gifura]

Hey guys,

Recently I decided to move to Linux. I really enjoy the smoothness of the OS . I am comfortable with it and the way it works, but I do have some questions which I didn't find answers of.

I might get a lot of hate about my questions,  but I am still learning about Linux and I would enjoy some recommendations and help.

I'm curious how does the app store work. I know that in different distros there are many but just in general. 

I am using Manjaro and for example "Steam" is uploaded by a person.  Who is he and are these kind of apps all safe to use ?

Secondly, I couldn't find Spotify on the market but there is a code for it on the Manjaro site to be downloaded with the terminal. There are two types of softwares to choose from . One is "Snap" and the second one is "Flatpak" . Which one should I use and why ?

Again, I am really sorry for my probably stupid questions but I am kind of new and I am really looking forward to learn and use Linux as my main OS. 

That's why I'm asking for directions in my studying. 

 

Thank you in advance ! 

Hope you all have a great time... 

 

[keik]

Basically you are asking, if community driven operating system(s) and its curated software is safer then just installing binaries and executables from a faceless company. It is as safe as you let it be safe, it has nothign to do with any operating system.

Flatpacks are open source and snap are canonical (more like "company driven" releases).

[Juanmacaam]

14 minutes ago, Gifura said:

One is "Snap" and the second one is "Flatpak" . Which one should I use and why ?

Snap and Flatpak are package managers, like apt on Ubuntu. I think (might be wrong) the snap is simpler to install and manage.

[Iron_Planter]

All the software for Linux is maintained by the community or corporations participating in the community. Individuals often publish and maintain software and you can usually find more information on GitLab or GitHub about a particular piece of software. All the software that makes it in to a distro repository or applications like Snap or Flatpak should be safe to use.

 

Looks like Snap and Flatpak are very similar. They allow people that make applications to package them for either application and they can run on any system that can install Snap or Flatpak. Both of them run the applications in containers which is actually a bit safer and more stable than directly installing something on your system. I've used Flatpak on Fedora and enjoyed it as it's easy to use. I don't think one has any advantages over the other. You could probably run both if you need to.

[Gifura]

4 minutes ago, Iron_Planter said:

All the software for Linux is maintained by the community or corporations participating in the community. Individuals often publish and maintain software and you can usually find more information on GitLab or GitHub about a particular piece of software. All the software that makes it in to a distro repository or applications like Snap or Flatpak should be safe to use.

 

Looks like Snap and Flatpak are very similar. They allow people that make applications to package them for either application and they can run on any system that can install Snap or Flatpak. Both of them run the applications in containers which is actually a bit safer and more stable than directly installing something on your system. I've used Flatpak on Fedora and enjoyed it as it's easy to use. I don't think one has any advantages over the other. You could probably run both if you need to.

Thank you for the explanation!

[Sauron]

4 hours ago, Gifura said:

I am using Manjaro and for example "Steam" is uploaded by a person.  Who is he and are these kind of apps all safe to use ?

Typically repositories (the servers containing the packages you install) are curated by a group of people who may or may not be paid to do so depending on the distribution. These people are called maintainers and they "sign" the packages with a cryptographic key that the operating system trusts. Maintainers are trusted by the community and, in case that trust is lost for whatever reason, they may be substituted by someone else that the community is more comfortable with.

 

Malware in official repositories is exceptionally rare and when it happens it's usually an honest mistake. The system has been shown to work remarkably well so far.

 

In the case of Manjaro and other Arch based distributions there is also something called the AUR where users can upload their own build scripts for packages that are not available on the main repositories. This is slightly less safe because at that point you're trusting individual users but the packages are still vetted by the community and official staff - if something harmful is uploaded it's usually taken down in a matter of hours at the most and it pretty much never happens with popular packages like Steam.

4 hours ago, Gifura said:

Secondly, I couldn't find Spotify on the market but there is a code for it on the Manjaro site to be downloaded with the terminal. There are two types of softwares to choose from . One is "Snap" and the second one is "Flatpak" . Which one should I use and why ?

Snap and Flatpak are systems that allow you to install the same package on any distribution at the cost of slightly higher storage requirements - this is because they come with all the libraries they need bundled in. It doesn't really make a difference which one you choose so I'd just go for the one with the most up to date version of the program.

4 hours ago, Gifura said:

Again, I am really sorry for my probably stupid questions but I am kind of new and I am really looking forward to learn and use Linux as my main OS.

Don't worry just make sure you've done a bit of research before asking and nobody will fault you for not knowing something.

[Dutch_Master]

1 hour ago, Sauron said:

Don't worry just make sure you've done a bit of research before asking and nobody will fault you for not knowing something.

This exactly typifies the Linux community: do your homework and if you can't solve it, we're happy to help if you show us what you've tried.

[Nayr438]

16 hours ago, Gifura said:

I'm curious how does the app store work. I know that in different distros there are many but just in general.

It pulls a list of packages from a maintained repository for you to install from, rather than having to hunt down individual packages for your distro. Out of the box it will only pull from a trusted repository, you can however add third party repositories. Third party repositories are maintained separate from the distribution, there is no guarantee that a package is maintained or safe and is usually up to you to determine this.

16 hours ago, Gifura said:

I am using Manjaro and for example "Steam" is uploaded by a person.  Who is he and are these kind of apps all safe to use ?

On Manjaro, Steam should come from the official repository. The steam client itself is pulled from the steam website or Ubuntu's repository, then decompressed and repackaged for use on Arch. However, in the event it comes from the AUR, It can be packaged by anyone and pulled from anywhere, Generally malicious packages are removed fairly quick, but some do hang around. The AUR however does have a voting and comment system, you can also check if a package is still being maintained. https://aur.archlinux.org/

16 hours ago, Gifura said:

Secondly, I couldn't find Spotify on the market but there is a code for it on the Manjaro site to be downloaded with the terminal. There are two types of softwares to choose from . One is "Snap" and the second one is "Flatpak" . Which one should I use and why ?

These are app containers, it really wont matter which one you go with as they pretty much all do the same thing. They are containers that ship a specific version of a application as well as all dependencies and keep them separate from the system itself. The biggest downside to this is package size and possible missing features due to being restricted to its container, they are however compatible across several distributions.

In the case of Manjaro however, there is a AUR package for spotify and I would personally recommend it over the containerized ones. https://aur.archlinux.org/packages/spotify/

 

To download from the AUR you have a few options.

1. You can enable AUR support in pamac and just search and install as you would any other package. You would get updates for AUR packages with your normal updates.

   1. Open Pamac - the name in menu is Add/Remove Software and navigate to the Preferences page. You will be required to enter your password to access it.
      
      At Preferences page → select the AUR tab → and move the slider to enable AUR. 

2. You can use a AUR helper such as yay,You would only get updates for AUR packages if you update using "yay -Syu" from the terminal. This will also update your other packages as well.
   1. yay -Sy spotify
3. You can download the pkgbuild and build it, You would only get updates if you manually download it and rebuild it
   1. git clone https://aur.archlinux.org/spotify.git
   2. cd spotify
   3. makepkg -si

No matter how you install it, it can be uninstalled the same way as any other package.

[Gifura]

11 hours ago, Sauron said:

Typically repositories (the servers containing the packages you install) are curated by a group of people who may or may not be paid to do so depending on the distribution. These people are called maintainers and they "sign" the packages with a cryptographic key that the operating system trusts. Maintainers are trusted by the community and, in case that trust is lost for whatever reason, they may be substituted by someone else that the community is more comfortable with.

 

Malware in official repositories is exceptionally rare and when it happens it's usually an honest mistake. The system has been shown to work remarkably well so far.

 

In the case of Manjaro and other Arch based distributions there is also something called the AUR where users can upload their own build scripts for packages that are not available on the main repositories. This is slightly less safe because at that point you're trusting individual users but the packages are still vetted by the community and official staff - if something harmful is uploaded it's usually taken down in a matter of hours at the most and it pretty much never happens with popular packages like Steam.

Snap and Flatpak are systems that allow you to install the same package on any distribution at the cost of slightly higher storage requirements - this is because they come with all the libraries they need bundled in. It doesn't really make a difference which one you choose so I'd just go for the one with the most up to date version of the program.

Don't worry just make sure you've done a bit of research before asking and nobody will fault you for not knowing something.

Thank you a lot for the amazing explanation!  

[nanopone]

every app on the aur is maintained by a person. the install scripts are public and can be read, so 99% of the time they're safe. i would not recommend using snaps or flatpaks as they usually function different from native linux binaries and have security flaws. 

spotify is available from the aur, which you can access by enabling aur support in pamac's settings if you haven't already.