Should I download applications from package manager (Pop Shop) or from .deb files on Linux?

I have Pop OS as my main operating system. Should I download applications from Pop Shop (the package manager/app store) or from the web, using .deb files? I know that it’s harder to update apps if I get them from official sources, like getting Chrome directly from Google’s site. Pop Shop auto updates apps for me, but apparently they’re the unofficial flatpak version of applications. What does that mean? Also, I’m not sure about security of apps because they’re not coming from the official developers of the software I want.

1 Like

Does Pop OS not have an option to choose between a Flatpak & a deb?

Genuinely don’t worry too much about it. The Pop-Shop should be the first place you go, if you want to download something. Only if it’s not available on the Pop-Shop, should you go looking for another source. Also Flatpak does not mean “unofficial”. Many pieces of software are uploaded to Flathub (where Pop-Shop gets its Flatpaks from) by their official creators. Even if they were not, the Flatpak format is pretty well sandboxed from your system. They’re arguably better than official packages that System76 (makers of Pop-OS) have vetted.

While you can go search for software, and download from a random (hopefully the official) site, it’s usually not recommended. It’s often unmaintained (out of date) information, and could potentially cause you problems. Do this as a last resort. An example being MullvadVPN, which only offers a .deb file, and would not be in the Pop-Shop.

1 Like

Yes, but not for all applications.

Pop Shop, since it auto updates stuff for you.

They are unofficial. Google doesn’t build/maintain the flatpak build of Chrome.

The problem is inherent in *unix. Switch to Windows if you want to avoid this problem.

lol

What is the flathub build of an application?

Think of a package manager (Pop-Shop) as one big shopping mall. Inside that mall are various stores (repositories), and more stores can be added/removed by you. Pop-Shop comes pre-installed with System76’s repository, and Flathub’s repository. Flathub is the most popular, and well maintained repository to acquire Flatpaks from.

1 Like

When I install flatpak applications, why does it say that they’re “unofficial builds/versions?” Are apps downloaded from flatpak still maintained by the developers and updated?

Not all builds on Flathub are built and maintained by the developers, but this is common on Linux because many open source projects will be built and maintained by others so that it can exist in different package formats. Packages that are in respected repos like Flathub or the one that comes with your distro are vetted to make sure something doesn’t come through. Similarly, if problems or something worse is discovered, the repos will shut off malicious packages when they’re discovered.

That being said, it’s totally fair to look for what the official builds are for software you’re looking for. Many Flathub packages are the official packages from their developers, like Brave Browser for example.

Does it say this on all Flatpaks, or just Chrome? It’s been awhile since I looked at Pop, so I can’t recall the exact wording.

The reason I ask is while a lot of packages are uploaded and maintained by their creators, to Flathub, some are not. In this case, the community (and Flathub) has taken it upon themselves to have Chrome as a Flatpak. You can see the folks making it, here. This is what they mean, when Chrome is not “official”. It’s officially not published by Google (even if Google employees worked on it). This is quite common in the open source and Linux community, not just with Flatpaks.

VS Code and Chrome warn me that they’re not official builds.

Oh that makes sense. Thank you for explaining

Does flathub chrome have the same security and the same features as official chrome from Google? Are flathub apps the exact same as the apps from the official developers?

It’s usually up to which the developer prioritises. Many people/companies prioritise Flatpaks, because they work on every Linux distribution, and are more reliable.

As for Chrome, I’m not too sure. I do not use it. That being said, as it’s not official, I’d imagine that it would be delayed by an hour or a day.

You should be able to check the version in the Pop-Shop, to compare each version. Just taking a look at the Chrome Flatpak page, it’s up to version “107.0.5304.110-1” (at the time of writing). Without installing it, I can’t find the version of the .deb.

So I just realized that Pop Shop lets you choose between the Flatpak and Debian versions of a package. Which should I download, for the purposes of ensuring I get updates, and making sure I’m getting the official version, and not malware or a modified version?

Also, when I installed flatpaks for Firefox and Chrome, they both mysteriously said, “your browser is managed by your organization” when I went to set them up. Do you know why this could happen? This didn’t happen in the Debian versions of these packages.

You don’t have to worry about either the Debian or Flatpak being malware. They both go through review processes. You should be able to trust the packages in the repos of your distro because they are reviewed and vetted.

It’s always best to stay a little paranoid. Don’t give your apps too many permissions to begin with or revoke permissions that are not needed (such as X11 socket if you use Wayland which you should anyways).

Those are policies set up by the maintainers of the respective packages. It could be disabling telemetry, disabling checking for updates etc. Check the policies yourself if you are skeptical.

1 Like
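
The permission review suggested in the reply above, as an added example that is not part of the original thread: a shell function that reads the metadata printed by `flatpak info --show-permissions` and lists broad grants such as the X11 socket. The function names, the sample metadata and the choice of which grants to flag are assumptions made for this example.

```shell
#!/bin/sh
# Added example: flag broad grants in a Flatpak's permission metadata.
# Reads the keyfile text printed by `flatpak info --show-permissions APP_ID`
# on stdin and prints one "key=value<TAB>reason" line per finding.
audit_flatpak_permissions() {
    awk '
    /^\[/ { in_ctx = ($0 == "[Context]"); next }   # only [Context] holds sandbox grants
    {
        p = index($0, "=")
        if (!in_ctx || p == 0) next
        key = substr($0, 1, p - 1)
        n = split(substr($0, p + 1), vals, ";")
        for (i = 1; i <= n; i++) {
            v = vals[i]; base = v; why = ""
            sub(/:.*/, "", base)                    # drop :ro / :rw / :create suffix
            if (key == "sockets" && v == "x11")
                why = "X11 socket; on Wayland revoke with: flatpak override --user --nosocket=x11 APP_ID"
            else if (key == "devices" && v == "all")
                why = "access to every device node"
            else if (key == "filesystems" && (base == "host" || base == "home"))
                why = "broad file access outside the sandbox"
            if (why != "") printf "%s=%s\t%s\n", key, v, why
        }
    }'
}

# Constructed sample metadata (not taken from any real package).
sample_metadata() {
    cat <<'EOF'
[Context]
shared=network;ipc;
sockets=x11;wayland;pulseaudio;
devices=all;
filesystems=xdg-download;home:ro;

[Session Bus Policy]
org.freedesktop.Notifications=talk
EOF
}

# Demo on the sample. Live use, with APP_ID as a placeholder for an installed app:
#   flatpak info --show-permissions APP_ID | audit_flatpak_permissions
sample_metadata | audit_flatpak_permissions
```

The `fallback-x11` socket is deliberately not flagged, since it only exposes X11 when no Wayland session is available.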