
What's the problem with .deb files?

From what I've seen thus far, people always advise getting programs on Linux either via whatever software store the distro uses, or via the terminal. 

 

What's wrong with just downloading the .deb file from the software manufacturer's official website, assuming that they've made a Linux version of their program? Obviously, you'd only be doing this for software that was made by well-known companies that aren't going to infect your computer with viruses or malware. 

 

From what I can see, .deb files install without any problems and actually work better. For example, I couldn't get the flatpak version of MegaSync to boot on startup, whereas doing it with the .deb version was a matter of simply checking a box. Also, software store versions of programs are often outdated.

 

So what gives? Why did nobody advise Linus to simply go to Steam's website and download the .deb file and run it? Isn't that the safer and easier option than fumbling with the terminal? I heard there may be some problems with dependencies, but the software installer programs that I used to run the .deb files always took care of that for me and things just worked. 

 

I've only been using Linux for 6 months or so, so please forgive me if I'm missing something super obvious. I'm genuinely curious about this.

Ryzen 1600x @4GHz

Asus GTX 1070 8GB @1900MHz

16 GB HyperX DDR4 @3000MHz

Asus Prime X370 Pro

Samsung 860 EVO 500GB

Noctua NH-U14S

Seasonic M12II 620W

+ four different mechanical drives.


I think it has to do with verification. I still do install programs when I can't find them in repositories, but repositories are much more secure. They also can be updated by the system updater (apt update) if the program doesn't have one built in.


Depending on the tool, it might not be able to resolve the dependencies correctly. But that can also happen when a broken package is in the repository.


I see .deb/.rpm/tarballs/appimages as a last resort for trying to install. It's almost always easier to go through the package manager to install it from the distro's repos, and they're usually safer to download. When I'm in the Debian world, I always try to install something through the apt repositories first. Those ones are usually vetted for security and stability, and they're a lot easier to keep up to date. Those are .deb packages, but you don't have to worry about downloading it from the manufacturer's website. After that, then I try for Flatpaks, then snaps, and if nothing else is available, .deb from their website/appimages/tarballs.


It really applies to anything outside of your Distro's repository, not just "deb" files.

  • The package may be packaged for a specific Distro.
    • For example, Debian instead of Ubuntu
      • This matters because of versioning and conflicts.
  • The package could be outdated
  • Outside packages are more likely to contain malware
  • Outside packages may be poorly packaged.
    • For example, making a library a required dependency that conflicts with other packages.

 

30 minutes ago, Giganthrax said:

Also, software store versions of programs are often outdated.

But they target your Distro and the packages in that Distro. If that package is outdated, your distro probably is as well. Or at least that should be true; we are, however, unfortunately in a transitioning state where distros are favoring "Containerized" applications over maintaining an official Native Repository. These "containerized" applications, however, have their own issues.

However, mixing outdated and upstream packages can introduce conflicts, possibly breaking your OS install. In the event that you want a package that is newer than what your Distro offers and you are not familiar with how packages and dependencies work, you should go with one of these "containerized" instances.

If you understand how these packages and dependencies work and fully understand the risks involved, then a Native outside build will always be a better solution compared to a "containerized" one.

 

31 minutes ago, Giganthrax said:

I heard there may be some problems with dependencies, but the software installer programs that I used to run the .deb files always took care of that for me and things just worked.

The problem with this is that you are relying on a system to make decisions for you based on what the packager decided. Unless you are reading through and verifying what the package manager is doing, which most people don't, you are just blindly making system changes that could break your OS install.

Just because a packager decided it was the best setup, it doesn't necessarily mean it is. I've seen plenty of packages poorly put together.

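What "reading through what the package is going to do" can look like before installing a downloaded .deb, as an added example that is not part of the thread: the Python below opens the package without installing it and reports its declared dependencies, the maintainer scripts that would run as root, and whether it touches /etc/apt (one way a vendor package can register its own update repository). The function names and the `exampleapp` sample data are assumptions made for this illustration.

```python
import io
import tarfile

def ar_members(blob):
    """Yield (name, data) for each member of the ar archive that a .deb is."""
    if blob[:8] != b"!<arch>\n":
        raise ValueError("not an ar archive, so not a .deb")
    pos = 8
    while pos + 60 <= len(blob):
        name = blob[pos:pos + 16].decode().strip().rstrip("/")
        size = int(blob[pos + 48:pos + 58].decode())
        yield name, blob[pos + 60:pos + 60 + size]
        pos += 60 + size + size % 2  # members are padded to even offsets

def inspect_deb(blob):
    """Report control fields, maintainer scripts and apt-source changes."""
    report = {"fields": {}, "scripts": [], "touches_apt": False}
    for name, data in ar_members(blob):
        if not name.startswith(("control.tar", "data.tar")):
            continue
        with tarfile.open(fileobj=io.BytesIO(data), mode="r:*") as tar:
            for member in tar.getmembers():
                path = member.name.removeprefix("./")
                if name.startswith("data.tar"):  # files unpacked onto the system
                    report["touches_apt"] |= path.startswith("etc/apt/")
                elif path == "control":
                    text = tar.extractfile(member).read().decode()
                    for line in text.splitlines():
                        if line and not line[0].isspace() and ":" in line:
                            key, value = line.split(":", 1)
                            report["fields"][key] = value.strip()
                elif path in ("preinst", "postinst", "prerm", "postrm"):
                    text = tar.extractfile(member).read().decode("utf-8", "replace")
                    report["scripts"].append(path)  # these run as root
                    report["touches_apt"] |= "/etc/apt/" in text
    return report

def sample_deb(control_files, data_files):  # constructed fixture, not a real package
    out = b"!<arch>\n"
    for name, files in (("control.tar.gz", control_files), ("data.tar.gz", data_files)):
        buf = io.BytesIO()
        with tarfile.open(fileobj=buf, mode="w:gz") as tar:
            for path, body in files.items():
                info = tarfile.TarInfo("./" + path)
                info.size = len(body)
                tar.addfile(info, io.BytesIO(body))
        head = f"{name:<16}{0:<12}{0:<6}{0:<6}{'100644':<8}{len(buf.getvalue()):<10}`\n"
        out += head.encode() + buf.getvalue() + b"\n" * (len(buf.getvalue()) % 2)
    return out
```

For a real download, pass the file's bytes to `inspect_deb`. Members compressed with zstd need a Python whose `tarfile` can read that format.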

There's nothing wrong with .deb files.
Debian's package manager (term = dpkg) will invoke apt-get (that software store) to resolve dependencies.

There are PPAs and 3rd party repos - some include whatever updates to whatever software "deb" you're installing.

You can install a ".deb" without worry, there will be no conflict or issue.
The worst case is merely it not installing.


8 hours ago, Giganthrax said:

What's wrong with just downloading the .deb file from the software manufacturer's official website, assuming that they've made a Linux version of their program?

Nothing. If you want the experience as wanted by the manufacturer it is probably the right way to go as well. The package put together by the software developer is the most likely one to be properly put together as well.

 

If you have the necessary skill set, avoid integrated software stores, and especially snaps, in order to have a better experience without poor packaging.

7 hours ago, Nayr438 said:

Just because a packager decided it was the best setup, it doesn't necessarily mean it is. I've seen plenty of packages poorly put together.

Indeed.


I think it's one of those holdovers from Debian <> Ubuntu interoperability. Back in the old days, newbies (literally me at one point) would install Ubuntu and then in our hunt for software, find a .deb some place, install it and be sad that it didn't work/broke something. So Ubuntu user forums, and LUGs, would basically have a chorus of "don't download random .deb files for software in the repos!".

 

I think that these days, it's a bit less serious since websites are often pretty good about labelling which distro and which version their .deb is meant for. Albert Launcher is a great example of this, as you'd have a very hard time installing the wrong file for your system.

 

However, many of the complaints about the practice are still true. Everyone updates the packages in the standard repos for their software, if they update their software anywhere at all. They may or may not always update the .deb file on their website for every distro. Plus, everything you install from your package manager gets updated by the standard update procedures, and this may not be the case for a .deb file.


Thanks for all the replies. 🙂

 

I didn't know programs installed via deb files were problematic to update. Why is this so?

 

On Linux Mint Mate, all of the programs I installed this way (Edge browser beta, Chrome, etc.) get updated automatically via the regular software updater that was included with the distro. How are these updates different from updates I get for software store apps? I genuinely don't understand this part.

 

Also, how serious is the risk of something breaking if you pick a deb file that's made for your distro version (say, using a deb designed for Ubuntu 20.04 with ZorinOS Core, which is based on Ubuntu 20.04)? I had kinda assumed that major companies such as Google would make sure this wouldn't happen.
